In a previous post, I explained about how Yahoo Mail accounts can be compromised by phishing.
In this blog post, I am going to be brief and just expose the phishing information and hosts used.
Step 1 – Looking at the email
Lots of red flags here, just by looking at the email:
- The email sender’s apparent address is weird
- The email’s subject is also unusual
- The email’s body is also fishy and not true
Step 2 – Revealing the real sender
Click on the sender to reveal the actual email address:
Now we can see that the real sender is “jcwod@aol.com”. It could be this is the real malicious user or not, but anyway.
When I search for this email on Facebook, I found this profile:
Which in reality could be nothing.
Step 3 – Investigating the link in the email
In step one, the malicious email sender invited you to click on an address to fix the aforementioned “problem”.
Do not click, instead, hover the mouse over the link and look at your status bar. You will see something like this:
This is a shortened address. In this case, it is used to hide the malicious web address. Let us use the GetLinkInfo.com to reveal the real address:
The address is, obviously, not related to Yahoo! It is: “http://tuckertownforge.com/perfected01/index.html”.
I don’t advise you to go to that address, there could be a browser exploit or equally the phishing site.
The phishing site is supposed to look like Yahoo mail:
DO NOT enter your user name and password on that FAKE SITE!
You may also like: