Phishing

I’m embarrassed to report that I fell for a phishing email a month ago. It happened when I signed up for a new Yahoo! Search Marketing account. I signed up for the account and ten minutes later I had an email similar to the following email in my inbox:

Yahoo Search Marketing Phishing Email

There is an obvious part of this email that should have tipped me off immediately that I was about to be taken. The email is not from yahoo.com. It is yahoo-inc.com. Close, but close will get your bank account drained. The challenge for me was that I had signed up for a new Yahoo Search Marketing account just prior to getting this email. I was in a hurry and just blindly clicked the link, figuring that Yahoo was requiring me to confirm my email address and since I had just signed up for a new account it must be legit. The link led me to a page that looked exactly like this:

Yahoo Search Marketing Actual Login

This is the actual Yahoo Marketing Solutions homepage. The page in the link in the email I received has been taken down. (See below) The only way to have known I was in the wrong spot would have been to look at the URL. This one is correct – http://marketingsolutions.login.yahoo.com. The one I clicked through to said – http://liveadsmscenter.com/adui. Other than that, the web page looked exactly the same. Again, I was in a hurry and just saw ads and center in the URL and didn’t think. I had just signed up for an account, so it made sense that I do this, and I had other things to get on to.

The next day I got a call from my credit card company.  They wanted to know if I had made three $3000.00 charges to Yahoo!  I didn’t think so.  I had approved $100 per day for ads on Yahoo.  I could see one $3000 charge, but not three.  I logged in to my Yahoo Search Marketing account and instead of seeing all of the keywords I had put in, I saw dozens of keywords relating to mortgages and the ad spend had been raised to $3000 per day.

I quickly called Yahoo and they locked the account. They promised to refund the $9000, which they did in about a week. At first I figured that I wasn’t stupid enough to have been caught in a phishing expedition as Yahoo suggested. It became more apparent that I had when Yahoo support said that they did not send out emails to verify a user’s email account. It became even more apparent over the next month when I proceeded to get an email almost every other day purporting to be from Yahoo Search Marketing.

It appears to me that the phishers send out so many emails that they are bound to catch someone at just the right time that it’s easy to end up a phishee.  If I get a notification from a bank where I don’t have an account, it is easy to tell there is trouble.  If I get an email that appears to be from my bank about a password problem, and I have recently changed my password, it would be easy to be distressed, and without thinking click on the link to fix the problem.

The obvious lesson here is to never click on a link in an email. Always type in the address of where you want to go, or use the link in your favorites.

I have been reporting the further phishing emails that I get to Yahoo and amazingly enough, the phishing site in the latest email I got was taken down within 48 hours of my reporting it to Yahoo.
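
The two checks that would have caught this message, the sender's domain and the host in the link, written out as an added Python example. It is not part of the original post; the trusted-domain list, the function names and the sample sender address are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the only domain this account's mail and links should use.
TRUSTED_DOMAINS = {"yahoo.com"}

# Constructed sample: the post gives only the sender's domain, not the address.
SAMPLE_FROM = '"Yahoo Search Marketing" <support@yahoo-inc.com>'
SAMPLE_LINK = "http://liveadsmscenter.com/adui"  # link host quoted in the post


def belongs_to(host, trusted=TRUSTED_DOMAINS):
    """True if host is a trusted domain or a subdomain of one.

    Comparison is on whole DNS labels, so a substring or prefix match
    such as "yahoo-inc.com", "notyahoo.com" or "yahoo.com.example.net"
    is rejected.
    """
    host = (host or "").strip().rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_message(from_header, link):
    """Return the reasons a message should not be trusted (empty if none)."""
    findings = []

    # A From header can be forged, so a match proves nothing;
    # a mismatch is still a clear warning sign.
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    if not belongs_to(sender_domain):
        findings.append(f"sender domain {sender_domain!r} is not trusted")

    # Judge the link by its host alone, never by words that appear in it.
    try:
        link_host = urlsplit(link).hostname
    except ValueError:
        link_host = None
    if not belongs_to(link_host):
        findings.append(f"link host {link_host!r} is not trusted")

    return findings


if __name__ == "__main__":
    for reason in check_message(SAMPLE_FROM, SAMPLE_LINK):
        print("WARNING:", reason)
```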
