Menu Search Hoax-Slayer

BT Yahoo 'Final Warning' Phishing Scam

Outline
Message purporting to be a "Final Warning" from BT Yahoo claims that users must immediately click a link to verify their account before they can receive pending emails.

Brief Analysis
The message is not from BT Yahoo. The message is a phishing scam designed to trick recipients into disclosing their email login details to Internet criminals.


Example

Subject: Final warning!!!

Dear Customer,

Your incoming messages were placed on pending due to our recent upgrade.
Verify your account immediately to get your mail working by pressing the to get your mail updated

Click Here

Thank you for using BT Yahoo!

BT Yahoo!©2013

BT Yahoo Final Warning Phishing Scam



Detailed Analysis
According to this message, the recipient's BT Yahoo emails have been "placed on pending" due to a recent upgrade. Recipients are advised to "immediately" click a link in order to verify the account and receive their pending emails.

However, the message is not from BT Yahoo or any other legitimate service provider. In fact, the message is a typical phishing scam whose sole purpose is to extract email login details from unsuspecting Internet users.


Those who take the bait and click the link in the scam message will be taken to a bogus website that hosts a Yahoo email login box. The fake page looks almost exactly like the genuine Yahoo login and features seemingly official Yahoo logos and formatting. Unless they look at the web address of the page - which has no connection to Yahoo and is not even secure - many users may not realize that they are not on a genuine Yahoo web page.

If uses proceed and provide their Yahoo ID and password on the fake site, they will be rapidly and automatically transported to the genuine Yahoo login page. Many will conclude that some simple glitch has occurred and will login again - this time on the real Yahoo site - without taking too much notice of the apparent double login anomaly. Meanwhile, however, their account login details have been sent to the criminals running this phishing campaign.

Once they have collected this information, the criminals can login to the Yahoo accounts belonging to their victims, lock out the rightful owners by changing passwords, and use the accounts to launch further spam and scam campaigns.

Email phishing campaigns such as this one are ongoing and have targeted users of all major email providers. Do not open links or attachments in any unsolicited email that claims that you must verify or confirm your account details. Some variants of these scams ask recipients to reply to the message with their username and password. Genuine service providers are very unlikely to request sensitive personal information from users in such a manner.

It is always safest to login your online accounts by entering the service's web address into your browser's address bar rather than by clicking an email link.


Last updated: February 28, 2013
First published: February 28, 2013
Written by Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams - Anti-Phishing Information
Difference Between http & https
Friend Stranded in Foreign Country Scam Emails
Btinternet Email Account Phishing Scam
Gmail 'Update Account' Phishing Scam
Yahoo Account Phishing Scam Email



© Brett M.Christensen, 2014. All Rights Reserved.

Go to Desktop Version