Yahoo! Wallet Scam

In my Yahoo! email account this morning I received this message:
Dear Yahoo! User, We encountered a billing error when attempting to renew your Yahoo! service. This type of error usually indicates that either the credit card you have on file has expired or that the billing address we have is not current.

This is your final notice. Please take a moment to update your credit card information by clicking here and submitting your information.

Please note that we will attempt to renew your service five days from today. If we are still unable to charge your credit card at that time, your service will be terminated.

Sincerely, Yahoo! Billing Department

Ooh, scary. I should act on it right away. Bzzzt..

This is a classic “phish” scam: send out an authentic-looking email that points to an authentic-looking site in order to grab credit card numbers from unsuspecting people.

NEVER, EVER, RESPOND TO SUCH AN EMAIL WITH YOUR CREDIT CARD INFORMATION, OR FILL OUT THE FORM. Sadly there are many people who will receive this, not suspect anything, and go ahead and give someone free access to their credit card.

Some warning signs are evident from the text of the note itself. First, it's obviously spam, since Yahoo! would in theory at least know my name and use it instead of "Dear Yahoo! User". Second, no contact name or phone information is provided, which is another warning sign.

If we take a look at the mail headers:

X-Apparently-To: USERID@yahoo.com via 216.136.129.241; Tue, 30 Sep 2003 04:25:35 -0700 
X-YahooFilteredBulk: 61.123.74.87 
Return-Path: <update@yahoo-wallet.com>
Received: from 61.123.74.87 (HELO SDDfa-01p3-87.ppp11.odn.ad.jp) (61.123.74.87) by mta110.mail.sc5.yahoo.com with SMTP; Tue, 30 Sep 2003 04:25:34 -0700 
Received: from flirble.org [213.165.171.29] by SDDfa-01p3-87.ppp11.odn.ad.jp (Postfix) with ESMTP id 9A73B4E4379E for <USERID@yahoo.com>; Tue, 30 Sep 2003 19:24:25 +0000 
Date: Tue, 30 Sep 2003 19:24:25 +0000 
From: "Update" <update@yahoo-wallet.com>
Subject: Important Information Regarding Your Account  

The first surprising thing is that Yahoo! didn't flag this in any way, even though the message has fake Yahoo! headers within it. The next thing to notice is the two Received: headers. One references a site in Japan; the other references "flirble.org". flirble.org doesn't exist; however, the IP address referenced [213.165.171.29] reverse resolves to "d0-171-29-d.u25.onvol.net", which appears to be a dynamic domain name from the onvol.net ISP in Malta. Now, there's no guarantee that that is the originator of this spam; however, it's a good place to start.
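The header checks described above, as an added Python example that is not part of the original post: it parses the headers quoted on this page, flags sender domains that are not yahoo.com or a subdomain of it, and compares the Received timestamps. The function names and the timestamp comparison are this example's own assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Headers copied from the message above (USERID is the page's own redaction).
RAW = """\
X-Apparently-To: USERID@yahoo.com via 216.136.129.241; Tue, 30 Sep 2003 04:25:35 -0700
X-YahooFilteredBulk: 61.123.74.87
Return-Path: <update@yahoo-wallet.com>
Received: from 61.123.74.87 (HELO SDDfa-01p3-87.ppp11.odn.ad.jp) (61.123.74.87) by mta110.mail.sc5.yahoo.com with SMTP; Tue, 30 Sep 2003 04:25:34 -0700
Received: from flirble.org [213.165.171.29] by SDDfa-01p3-87.ppp11.odn.ad.jp (Postfix) with ESMTP id 9A73B4E4379E for <USERID@yahoo.com>; Tue, 30 Sep 2003 19:24:25 +0000
Date: Tue, 30 Sep 2003 19:24:25 +0000
From: "Update" <update@yahoo-wallet.com>
Subject: Important Information Regarding Your Account
"""

def is_brand_domain(domain, brand="yahoo.com"):
    """True only for the brand domain itself or a real subdomain of it."""
    domain = domain.lower().rstrip(".")
    return domain == brand or domain.endswith("." + brand)

def received_hops(msg):
    """Received headers, newest first: (sending IP, timestamp) per hop."""
    hops = []
    for value in msg.get_all("Received", []):
        route, _, stamp = value.rpartition(";")
        ip = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", route)
        hops.append((ip.group(1) if ip else None, parsedate_to_datetime(stamp.strip())))
    return hops

def analyze(raw, brand="yahoo.com"):
    """Return (IP seen by the receiving server, list of warning strings)."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Return-Path"):
        domain = parseaddr(msg.get(header, ""))[1].rpartition("@")[2]
        if not is_brand_domain(domain, brand):
            findings.append(f"{header} domain {domain} is not {brand}")
    hops = received_hops(msg)
    # Only the top hop was written by the recipient's own server; anything
    # below it is whatever the sending side chose to claim.
    for (_, newer), (ip, older) in zip(hops, hops[1:]):
        if older > newer:
            findings.append(f"hop from {ip} is stamped {older - newer} after the hop above it")
    return (hops[0][0] if hops else None), findings
```

On these headers the only address recorded by Yahoo!'s own server is 61.123.74.87, the same one in X-YahooFilteredBulk, and the lower hop carries a timestamp almost eight hours later than the hop that supposedly came after it.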

The next thing to look at is the website:

[Screen shot of False Yahoo! administrator email]

First red flag: it's not in the yahoo.com domain. Second, it doesn't use SSL (the URL is http:// instead of https://). It even says it uses SSL, but it's obvious both from the initial URL and from the URL in the form (if one views the source) that it's not a secure site. Third, again, if it's Yahoo! asking you for this information, then logically they know who you are and would just need you to log in to the appropriate Yahoo! site.

I don't know how many people use Yahoo! email; let's say it's 500,000. If 1% of those people (5,000) fall for this, that's a lot of credit cards. If even .01% fell for it, that's still 50 people too many.

Don't be fooled by these things and, more important, if you know someone who may be fooled, warn him or her.

  • Unsolicited requests for credit card information are highly suspect.
  • Companies you do business with regularly may keep your information on file. Make sure it's secured both by a userid and password as well as SSL.

    If you are using a form that requires personal information or credit card information, look for the "key" or lock symbol on your browser. If you have any doubts about the authenticity of the site, examine the SSL certificate. It's browser dependent, but on MSIE you can double-click the "key" symbol in the browser frame. Look for the domain name to match what you expect (i.e., something.yahoo.com instead of flirble.org). You can even view a detailed breakdown of the key to see who issued it. Caution: anyone can create an SSL certificate; it's not trivially easy, but it's not that hard either. If your browser warns about the authenticity or does not recognize the "signer" of the certificate, you may well want to cancel the transaction.

  • Unless you have a regularly recurring bill for an online service, there's little reason for a company to contact you online for your credit card information.
  • If you are contacted, make sure you use what you know to be the company's profile, userid, or briefcase web site, not something pointed to in the email.
