Yahoo 'E-Mail Account Exceeded' Phishing Scam

Detailed analysis and references below example.

Email purporting to be from Yahoo claims that the recipient's email account limit has been exceeded and warns that the account will be suspended if it is not verified within 24 hours.The email is not from Yahoo. The message is a phishing scam. Those who fall for the ruse and click the link in the message will be taken to a bogus website that tries to trick them into divulging their Yahoo login details.









Last updated: 17th April 2012

First published: 17th April 2012

Article written by Brett M. Christensen

About Brett Christensen and Hoax-Slayer



Subject: Your Yahoo Account Has Exceeded..



Dear Customer,



Your E-mail account has exceeded its limit

and needs to be verified, if not verified within

24 hours, we shall suspend your account.



Click Here



Thanks.





According to this email, the recipient's Yahoo account has "exceeded its limit" and therefore needs to be verified. The recipient is invited to click a link in the message to carry out this "verification" and is warned that failing to verify within 24 hours will result in the suspension of the account.However, the message is not from Yahoo. In fact, the email is a phishing scam designed to trick recipients into divulging their Yahoo account login details to cybercriminals. Those who click the link as instructed will be taken to a fake Yahoo login page and told to login to verify their account. The bogus login page is designed to emulate a genuine Yahoo sign in page. Once they have "Signed in" on the fake site, victims will then be automatically redirected to the genuine Yahoo website. Meanwhile, the login credentials supplied by victims can be harvested by the criminals responsible for the phishing attack. Once they have procured this login information, the criminals can then access the compromised accounts, lock out their genuine owners and use the accounts for their own nefarious purposes.Often, these criminals will use such hijacked accounts to launch further scams and spam campaigns. One such ruse is designed to trick contacts of the victim into sending money to online criminals. Once they have gained access to the hijacked account, the scammers will then send emails to all of the people on the account's contact list. These emails will falsely claim that the account holder is in a very difficult situation and desperately needs financial assistance. Usually, such emails claim that the account holder is stranded in another country without money or travel documents due to a robbery or lost baggage.Yahoo users are regularly targeted by scammers using similar phishing techniques. Scammers have used this tactic to steal account information from users of other popular email providers, including Hotmail Gmail and several others Yahoo discusses such phishing attempts on its website. If you receive one of these phishing scam messages, do not click on any links or open any attachments that it may contain.

Last updated: 17th April 2012

First published: 17th April 2012

Article written by Brett M. Christensen

About Brett Christensen and Hoax-Slayer

