More about Yahoo Mail phishing

In a previous post, I explained how Yahoo Mail accounts can be compromised by phishing.

In this blog post, I am going to be brief and just expose the phishing information and hosts used.

Step 1 – Looking at the email

[Image: mail-body]

Lots of red flags here, just by looking at the email:

  1. The email sender’s apparent address is weird
  2. The email’s subject is also unusual
  3. The email’s body is also fishy and not true

Step 2 – Revealing the real sender

Click on the sender to reveal the actual email address:

[Image: real-sender]

Now we can see that the real sender is “jcwod@aol.com”. This may or may not be the real malicious user, but anyway.

When I searched for this email address on Facebook, I found this profile:

[Image: profile]

Which in reality could be nothing.

Step 3 – Investigating the link in the email

In step one, the malicious email sender invited you to click on an address to fix the aforementioned “problem”.

Do not click; instead, hover the mouse over the link and look at your status bar. You will see something like this:

[Image: phishing-url-hidden]

This is a shortened address. In this case, it is used to hide the malicious web address. Let us use GetLinkInfo.com to reveal the real address:

[Image: link-resolved]

The address is, obviously, not related to Yahoo! It is: “http://tuckertownforge.com/perfected01/index.html”.

I don’t advise you to go to that address; there could be a browser exploit there, or equally the phishing site.

The phishing site is supposed to look like Yahoo mail:

[Image: yahoo-phishing]

DO NOT enter your user name and password on that FAKE SITE!

