Oct 2, 2010 12:03 GMT

Security researchers from Bkis warn of a wave of phishing emails posing as notifications from Yahoo and asking users to confirm their credentials in order to avoid having their account terminated.

The phishing emails come with spoofed headers so that they appear to originate from "The Yahoo! Mail Team" <[email protected]> and carry the subject "Update Your Account!!!".

A big banner with the company's logo contained in the email suggests that spammers used a template from a Yahoo customer care satisfaction survey and modified the text of the message.

"Due to the congestion in all Yahoo! Accounts, Yahoo! Will be shutting down some of our accounts, both premium and free accounts for security reasons. "In order to avoid the deactivation of your account, you will have to confirm your e-mail by filling your Login Info below after clicking the reply button. "We are really sorry for any inconvenience this might cause use," part of the poorly formulated message reads.

The form displayed underneath not only asks the recipient for the Yahoo! ID and password, but also their name, birthday and country.

The lure of accounts being in danger of suspension has been used intermittently by phishers on Yahoo! Messenger and in email spam for years.

Credulous users who reply with their credentials will send them to a [email protected] address, which is controlled by the attacker.
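A mail-triage check for the pattern described above, added here as an illustration and not taken from Bkis or from the campaign itself: it flags a message whose replies go to a different domain than the claimed sender and whose body asks for credentials under threat of account closure. That the reply address is set through a Reply-To header, the example.* addresses and the keyword lists are assumptions; the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message described in the article.
# The example.* addresses are placeholders, not the campaign's real ones.
SAMPLE = """\
From: "The Yahoo! Mail Team" <noreply@yahoo.example>
Reply-To: verify-team@mailbox.example
Subject: Update Your Account!!!
Content-Type: text/plain

In order to avoid the deactivation of your account, you will have to
confirm your e-mail by filling your Login Info below after clicking the
reply button.

Yahoo! ID:
Password:
"""

# Assumed heuristics: a blank "field:" line asking for a secret, and
# wording that threatens loss of the account.
CREDENTIAL_FIELD = re.compile(
    r"^\s*(password|passwd|yahoo! id|login)\b.*:\s*$", re.I | re.M)
THREAT = re.compile(r"\b(deactivat|terminat|suspen|shut(ting)? down)", re.I)


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def phishing_indicators(raw_message):
    """Return the indicators found in one RFC 5322 message, in check order."""
    msg = message_from_string(raw_message)
    # Text parts only; transfer encodings are not decoded in this sketch.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    found = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-mismatch")   # replies leave the sender's domain
    if CREDENTIAL_FIELD.search(body):
        found.append("credential-form")     # fill-in form asking for a password
    if THREAT.search(body) or THREAT.search(msg["Subject"] or ""):
        found.append("account-threat")      # closure/suspension pressure
    return found
```

A Reply-To mismatch alone is common in legitimate mailing-list and support traffic, so the three indicators are best scored together rather than used individually as a block rule.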

Of course, people should already know that no reputable company will ask customers for their passwords, especially via email.

There are very few cases when a user's identity requires verification and those are most of the time related to the password being lost or the account being locked down.

Users are strongly advised against sharing their passwords with anyone. If the employee of a service needs access to an account, they should already have the means to obtain it without the user's password.