![]() If you were to enter your email and password there, the threat actor would steal your information and use it to log in to your account.Īfter gaining access to your email, the threat actor could do any number of things, including compromising connected accounts and stealing your personal information. So, where exactly does this link lead to? It redirects the victim to a page closely resembling the standard Yahoo Mail sign-in site. Clearly, this particular threat actor is aware of the practice and counts on the target being familiar with it to carry out the attack. ![]() The company often reminds users that it closes inactive accounts, or email accounts that haven't been used for more than 12 months. What's more, Yahoo does actually issue similar notices on occasion. Instead, they are disguising the phishing URL with a fake sign-in button. The color scheme is the same, the font very similar, and Protect by Yahoo is an actual service Yahoo offers to its customers.Īlso note that the threat actor is not using a naked URL, because that would make it obvious that the link does not lead to an official Yahoo page. The "protect by Yahoo!" logo, as well the login button look rather convincing-there's hardly any difference between the images this scammer used and the company's real logo. Nobody wants to lose access to their email, so this social engineering technique makes perfect sense, as rudimentary as it may seem. For a start, the threat actor is repeatedly creating a sense of urgency in order to convince the target to click the link. To really understand what the scammer is trying to accomplish here, let's break down the email and parse the language. The email says that all "old versions" of Yahoo Mail accounts will be closed soon, and urges the victim to click the Sign-in to Yahoo button and log into their account as to avoid "service interruption." Unless they do this, they will be "locked out permanently," the message stresses. In this phishing scam, the threat actor contacts a victim, claiming to represent the Yahoo Service Team.
0 Comments
Leave a Reply. |