Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

Phishers Target Yahoo Users

image
JULIEN SOBRIER
June 04, 2013 - 1 min read
Yahoo Mail introduced two-factor authentication in December 2011. Two-factor authentication can be used to prevent suspicious access to an account (login from a different country, numerous failed login attempts, etc.) and can be used to verify a user's identity when asking for a password reset.

Two-factor authentication has been in the news a fair bit lately as LinkedIn and Twitter have recently begun to offer the feature. We encountered an example whereby a phisher actually took advantage of heightened awareness of two-factor authentication to aid in an attack. The scam involved spoofed e-mails, which claim that all Yahoo users must turn on two-factor authentication:
 
Image
Phishing e-mail to Yahoo Mail users

The e-mail has a spoofed FROM address (@yahoo.com) and a fake link to http://update.yahoo.com/. The user clicking on this link is actually redirected to a phishing page at http://www.antek.com/pics/tiles/yahoo.com.html as shown below:
 
Image
Yahoo phishing page
At present, this URL is blocked by Google Safe Browsing (Firefox, Chrome, Safari) but not by Internet Explorer.

Yahoo is now shutting down their Yahoo Mail classic interface and forcing users to their new e-mail platform. This will no doubt be another great opportunity for phisher to take advantage of confused users.
form submtited
Thank you for reading

Was this post useful?

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.