Phishing: My Yahoo Account has “expired.”

Phishing, as I have mentioned numerous times elsewhere, is rampant. In a world with over 7 billion people, it’s hard to say how many electronic bad guys there are out there, but even if its a relatively small number, the nature of the web gives the bad actors a lot more access to a global pool of potential victims than your average con-man enjoyed in pre-internet days.

This email arrived this morning:

yahoo1

Two things:

  1. YahooMail is always free. There’s a no-ad service you can pay for, but the drones are counting on the fact that grandma or grandpa (or any other potential sucker) won’t know that.
    77
    A significant portion of internet users are terribly un-technical, and find computers are to be feared; if they use them at all, it’s on a cookbook level. “If you see it on the internet, it has to be true” is sadly a part of far too many people’s psyches, hence many people get taken advantage of in myriad ways.
  2. See that little yellow circle by the link? If you hover over it with your mouse, you’ll get a popup indicating how any particular website has been rated by users for trustworthiness and child safety.Yahoo2That’s a function of a browser extension called “WOT” (Web of Trust) that I have mentioned elsewhere. It’s invaluable for stopping problems before they start. The circles displayed are green, yellow, or red, and you can follow the “Click to view details” link for more information, user reviews, or to rate a site yourself if you have a (free) account.It’s not perfect by any means – WOT can be subject to shill reviews and malicious comments from unethical competitors and the like, but like anything else on the internet, it’s part of a body of evidence and I find it extremely useful as a canary in the mine.  In this case, the top-level domain “twomini.com” is rated very poorly on both counts, with the one user-posted review stating “Domainhoster hosting sites used for fraud, scam and Accountphishing.” Which is certainly true in this case.

If you hover over the “go here” link, your browser indicates that you are being directed to “http://bit.ly/10VyM2I” which is most definitely NOT a Yahoo address. It’s a shortened link which expands to:

DrudgeSirenSmallhttp://infoskale.twomini.com/obyno/Connect%26True%3DUser1%25%3DXclusiv-
3D%23Anonymous7Dole%3DReason%26Upgrade1%25continue%25True4.php DrudgeSirenSmall

Web addresses like that are not necessarily bad in and of themselves, but they are not what you would expect to see when you visit a major site like Yahoo, or Comcast, or your financial institution. Those little drudge lights up there point out that this kind of URL is a red flag for suspicious activity, and to proceed with extreme caution.

If the victim unwisely clicks on the link, they get this:

Yahoo3

which quickly redirects to this:

Yahoo4

If you try to “log in” from this screen, your account information is sent to Russia or the Ukraine or Nigeria or somewhere else, and the bad boys now have access to all your email, as well as an account to send out spamvertising or other scams with, and they do so on a regular basis. The victim is then sent back to the regular Yahoo Mail  website, and continues on their merry way none the wiser.

indiana_jones_grail_knight-you-have-chosen-poorly

I logged in several times with user names like “ScammersEatCamelDung”, just to make sure they got the message. Of course, it’s possible that responses are simply harvested into a login script that will never be seen, but what the heck; I’ll take any opportunity to insult one of these wastes of human cytoplasm.

Please be careful out there, and for the love of Ella Wheeler Wilcox and the music of the spheres, protect your loved ones. If you have people you care about who use the computer and who are not tech-savvy, educate them on how to protect themselves from scammers.

We demand that people get licenses to drive a car; it’s a shame no basic training is required before venturing into the potentially-scary world of the internet.

The Old Wolf has spoken.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s