Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Another phishing scam is targeting Yahoo users

A new phishing scam is targeting Yahoo users worldwide, this campaign could be ineffective if we share awareness about bad actors’ TTPs. A new large-scale scam is trying to deceive Yahoo users that are receiving a phishing email that asks for “Yahoo Account Confirmation.” The phishing email claims to be sent by Yahoo, it requests […]

Another phishing scam is targeting Yahoo users

A new phishing scam is targeting Yahoo users worldwide, this campaign could be ineffective if we share awareness about bad actors’ TTPs.

A new large-scale scam is trying to deceive Yahoo users that are receiving a phishing email that asks for “Yahoo Account Confirmation.”

The phishing email claims to be sent by Yahoo, it requests to the owners of accounts to access their profile to solve a security issue. The phishing message invites Yahoo users to click on the “Authentication Page” button included in the message for fixing the security issue.

As usual the attackers behind the phishing campaign used social engineering techniques to convince victims to click on the button in order to authenticate themselves to the Yahoo platform.

The message urges users to complete the authentication procedure in order to avoid the suspension of the account.

“your account will be blocked within 48 hours and you won’t be able to send or receive emails.”

yahoo phishing-email

 

By clicking on the button embedded in the malicious emails, users are redirected to a fake website that appears as an exact copy of the legitimate one.

The bogus page will ask Yahoo users for their Yahoo ID and Password, of course, bad actors managing the campaign aim to collect users’ credentials and any other information that could allow them to compromise the Yahoo account.

The hijacked Yahoo account could be sold in the underground or could be used to send out other scam messages and spam emails on behalf of the victims.

As usual let me suggest you to avoid opening any unsolicited email that ask you to perform an action urgently. Never open any attachment neither click on a URL embedded in the body of the messages.

If you know the TTPs of your enemy you will avoid problems 😉

Pierluigi Paganini

(Security Affairs –  Yahoo, scam)