Saturday, April 28, 2012

Warning to Yahoo email users! Don't fall into this trap!

A client sent me this the other day and fortunately he suspected it was not a legitimate email.  If you ever get emails like these be very careful not to fall into their trap.  This is how they can get your login password to your email account.  It used to be that looking closely at the web address (URL) was enough to determine that it's not a legitimate address but now they're actually displaying what looks to be a legitimate web address (URL) but if you put your mouse on top of the web address it will reveal a different address that will go to the site that will either ask you to login (and thus compromise your login info), OR it will be a site that leads to a virus to infect your computer.

Here's the letter (note that I changed the links to images so they are not active links):

Dear  Customer,

Due to congestion in all Yahoo! Mail user accounts, there shall be a    removal exercise of all used and unused Yahoo! Accounts. Yahoo! Inc would  be shutting down several accounts.

You will have to confirm your Yahoo! account. So you are required to logon  to your Online Yahoo! Account with the provided link below.

NB:    Failure to to update your Yahoo! account will result to a permanent  closure.

Thank you for being a loyal Yahoo!  Mail user.

We hope you enjoy the newest version of Yahoo! Mail.

David McDowell
Senior Director
Yahoo! Mail Product Management

Looks legitimate, right?  Well, if you put your mouse on top of that link, your browser will tell you where the link actually goes.  On most browsers, the actual link destination will appear on the lower-left corner of your browser window when you put your mouse on top of the link.  In this case here is the actual destination address behind this seemingly valid link:

Now if you were to actually click on the link and go to that website, here is the page you will get to:

You'll see that they took enough effort to really try and make it look like the Yahoo mail site but if you look closely and take a look at the browser address bar (at the top of your browser page), it will show that you are not on the Yahoo page at all.

So next time you get a notice from your email provider, or your credit card company, or your bank, or any other online place you have accounts with, be extra careful that you're not falling into a trap.


Susan Sheehan said...

Thank you so much for this article. I just received this email, and have notified Yahoo with the senders email adress.

Anonymous said...

Hey i clicked on this link and login ..but canceled the window. Can my password be hacked by them .

Steven said...

Wow, you posted this a YEAR ago, but it's still relevant today! It's now April 26, 2013. Your post was from April 28, 2012, in which you say your client got their fraudulent email "the other day." That means it probably happened on April 26, 2012 - a year to the DAY before the one I just received. Mine claims that Yahoo! is switching my email from "classic" to the newer, faster, redesigned Yahoo! mail. It says the change will be mandatory after about a month, but for now, I can keep MY classic Yahoo! mail. OR, I can just go ahead and switch NOW. At the bottom, it's signed EXACTLY the same way YOUR client's scam mail was signed:

David McDowell
Sr. Director of Product Management
Yahoo! Mail

Being that this was a "no-reply" email, I wanted to find out more about McDowell -- so I google'd him, trying to find his personal email addy, so I could cuss him OUT, and tell him I don't WANT to switch. During that SEARCH, I found THIS page, containing your information about the scam. Luckily, I DIDN'T click the link (to upgrade my Yahoo! mail NOW) -- but just like you SAID, I've noticed that if I HOVER OVER the link, the bottom of the page SHOWS me where the page would actually TAKE me. In THIS case, it leads to

{mrd [dot] mail [dot] yahoo [dot] com/trap}

(I typed it that way, which WON'T show up as a real link (the places where I typed [dot] are places a "period" goes))

Yes, it actually HAS the word "TRAP" right there IN the address. Thanks to YOU, I know NOT to fall for this, and I will be reporting it to the REAL Yahoo!. Thank you, and keep up the good work.

I COULD HAVE EASILY fallen into the trap, because the REAL Yahoo! actually HAS been pressuring me into switching from Mail Classic, to their new mail. But THIS attempt to get me to switch, was FAKE.

ANOTHER thing which helped me to identify this as a scam, was that it was sent to me FROM:

{noreply@email [dot] yahoo-inc [dot] com}

While it's TRUE that Yahoo! is an Incorporated company (I can tell by the copyright "Yahoo! Inc." information at the bottom of ANY valid Yahoo! page) -- I'm not sure, but I don't think the REAL Yahoo! actually USES the letters "inc" in their email addresses, even the NO-REPLY variety. THIS particular scam artist always seems to include "inc" in the FROM field of the scams.

ALSO, there's a link to Yahoo!'s PRIVACY policy in the email, near the bottom, under his signature. I've noticed (using the HOVER method again), that it leads somewhere TOTALLY DIFFERENT than the REAL Yahoo! privacy policy (which there's a VALID link to, at the VERY VERY bottom of my mail).

I didn't fall for it THIS time, but I suspect my security may have been compromised BEFORE. For a MONTH, I wasn't getting any notifications. Do you know about "notifications" on Yahoo!? Anytime I leave a comment on an article, and someone gives me a thumbs-up on my comment, or REPLIES to my comment, I get a red "notification" up in the corner of almost ANY Yahoo! page I'm on (including mail). Once I READ each notification, it goes away, until I get ANOTHER notification.. So ANYWAY, I know MINE weren't working, because I can MANUALLY check for replies to my comments, and I saw that I had been getting MANY replies, and thumbs up, but was NOT getting "notifications" about them. First, I thought there was something wrong with cookies, or JavaScript in my browser. But after trying THREE different browsers and various settings, I realized I just wasn't RECEIVING notifications anymore (when I SHOULD), and it wasn't my browsers' fault. So I now suspect that the REASON, could be because someone ELSE was already IN my Yahoo! account, reading my activity (which WOULD cause the notifications to clear, because Yahoo! thinks I already SAW them). But it's fixed, and I changed my password. Thanks again. I hope this info helps someone ELSE avoid getting scammed. BE CAREFUL, EVERYONE!! Thanks.

Anonymous said...

steven (and others) … good post here … appreciated your motivation to share. i got same in my mailbox this morning.

Anonymous said...

still in a quandry because unlike Steven's situation, the privacy link given in the message and at the bottom of the email are identical. Also, it appears that Steven got thrown off because he assumed that a subdomain ( is not a legit part of the domain. I believe it is and am leaning toward treating this message as legit. Would appreciate clarification of this.

Also I'm wondering why I no longer can send text messages from within yahoo mail as I did prior to March 2013. Maybe this was deleted from the Canadian service????

Thanks in advance.

Anonymous said...

Thank you. I just got a similar email and googled the McDowell name and found your article, which was a huge help.

Anonymous said...

This was really helpful. I have just received one of these. One option it offered was "For more information, help or to get in touch, go to
I logged into that and didn't like what I saw..But does the fact that I have gone into ""mean that they can access my details? Thanks for any help you can give.

Anonymous said...

I've been getting these letters in one form or another for a long time now 2013 and this year 2014 too. I'm glad I went on this website to discover all this info. Fortunately I was suspicious and spammed them all but this latest one did seem more authentic with th Yahoo symbol. Does Yahoo ever send mail and if so how would we know it was authentic?

Anonymous said...

Wordy much?

Anonymous said...

I answered and was early morning and I wasn't careful enough...When I realized it I immediately changed my password. Am I in trouble?

Yahoo Stock said...

Yahoo is actually quite serious about their users.. This piece shows how willingly they are performing to keep the yahoo accounts safe.

Kevin R. Pierce said...

when i clicked upgrade on this deal what i got was something about phishing nothing on about how to upgrade, is this for real will i lose my email account in a couple of days?

Doreen said...

I teceivwd an email also fromYAH00 they ised zeros instead of an "O" stating that i mwed to relog in so that my email wont get deleted. How can they say my email is full when i only have less than 500 emails😁

Anonymous said...

This is still going on in 2016. Just deleted and blocked the send today. Thanks for the information. My gut told me this was not real and so I went searching the web to see who this Senior Director Product Management was and came across your post.