Yahoo! E-mail Account Hack Phishing Scam
Header:
X-Account-Key: account8
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x
X-YahooFilteredBulk: 82.132.130.150
Received-SPF: none (domain of yahoogroups.co.uk does not designate permitted sender hosts)
X-YMailISG: x
X-Originating-IP: [82.132.130.150]
Authentication-Results: mta1096.mail.ukl.yahoo.com from=yahoogroups.co.uk; domainkeys=neutral (no sig);
    from=yahoogroups.co.uk; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mail.o2.co.uk) (82.132.130.150)
    by mta1096.mail.ukl.yahoo.com with SMTP; Mon, 16 Jul 2012 01:52:27 +0000
Received: from hp-pc (197.242.102.93) by mail.o2.co.uk (8.5.119.05) (authenticated as x@o2.co.uk)
    id 4F3CE39718035F65; Mon, 16 Jul 2012 02:35:27 +0100
Message-ID: <x@> (added by postmaster@mail.o2.co.uk)
From: "Yahoo"<servicealertservicer@yahoogroups.co.uk>
Subject: YAHOO
Date: Tue, 17 Jul 2012 02:51:07 +0100
MIME-Version: 1.0
Content-Type: text/html;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Antivirus: avast! (VPS 120715-1, 07/15/2012), Outbound message
X-Antivirus-Status: Clean
Body:
Comments:
The link in the original e-mail leads to a Google Docs response form. The obvious question is why Yahoo! would use a service from Google to update one of its own accounts. Another giveaway is the password box: the password is not masked, but visible in clear text. So although the link leads to an SSL-encrypted page, the mechanics of the page should give away its intentions.
What appears to be an e-mail from Yahoo! Groups is actually an e-mail sent from an o2.co.uk e-mail account. Judging by the e-mail header, it appears to have come from a computer infected by some malware. That is why we removed parts of the e-mail address the spam actually came from: it is more likely that the spam came from a victim of a malware infection than from the spammer himself.
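The header comparison described above, as an added Python example that is not part of the original page: it parses an excerpt of the published header and checks the From: domain against the account the o2.co.uk relay recorded as authenticated, along with the SPF and DKIM results. The function names and report keys are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Excerpt of the header published on this page, folded lines re-indented.
RAW_HEADER = """\
Received-SPF: none (domain of yahoogroups.co.uk does not designate permitted sender hosts)
Authentication-Results: mta1096.mail.ukl.yahoo.com from=yahoogroups.co.uk; domainkeys=neutral (no sig);
 from=yahoogroups.co.uk; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mail.o2.co.uk) (82.132.130.150)
 by mta1096.mail.ukl.yahoo.com with SMTP; Mon, 16 Jul 2012 01:52:27 +0000
Received: from hp-pc (197.242.102.93) by mail.o2.co.uk (8.5.119.05) (authenticated as x@o2.co.uk)
 id 4F3CE39718035F65; Mon, 16 Jul 2012 02:35:27 +0100
From: "Yahoo"<servicealertservicer@yahoogroups.co.uk>
"""

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()

def analyse(raw):
    """Compare the claimed From: domain with what the transport headers show."""
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg["From"])[1])
    received = " ".join(msg.get_all("Received", []))
    auth_results = msg.get("Authentication-Results", "")
    # Account the submitting client logged in with, as stamped by the relay.
    m = re.search(r"authenticated as (\S+@[^\s)]+)", received)
    submit_domain = domain_of(m.group(1)) if m else None
    # Host name the last relay announced to the receiving mail server.
    m = re.search(r"\(EHLO ([^\s)]+)\)", received)
    relay_host = m.group(1).lower() if m else None
    m = re.search(r"dkim=(\w+)", auth_results)
    report = {
        "from_domain": from_domain,
        "submit_domain": submit_domain,
        "relay_host": relay_host,
        "spf": (msg.get("Received-SPF", "").split() or ["missing"])[0],
        "dkim": m.group(1) if m else "missing",
    }
    # Nothing vouches for the From: domain unless SPF or DKIM passed.
    report["from_unauthenticated"] = "pass" not in (report["spf"], report["dkim"])
    # The mailbox that really submitted the message is in another domain.
    report["sender_mismatch"] = submit_domain not in (None, from_domain)
    return report

if __name__ == "__main__":
    print(analyse(RAW_HEADER))
```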
Below is a screenshot of what the form looks like: