• Yahoo Phishing Mail real case study

    This article shares a real case study of how a hacker uses a phishing site to steal your ID and password.

     

    First, you receive a mail from “Customer Service” with the subject “Yahoo Mail Update Required!”


     

     

     

    If we take a closer look at the sender address, it shows “lbergen@shaw.ca”.

    Obviously, it is NOT from Yahoo. However, if you are reading the mail on a mobile phone, it is very difficult to notice.

     

    Once you click the “Update” link in the mail, it directs you to the phishing site:

    rdgdfsd.altervista.org/acctupdate.html

    Again, it is NOT a Yahoo site. In addition, it is a “.org” URL: “.org” sites can be used for phishing too, not only “.com”.
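
The two checks described above (who really sent the mail, and where the link really goes) can be automated. The following is an added example, not part of the original post: the `TRUSTED` list, the `http://` scheme on the link, the function names and the single-part HTML layout of the sample are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"yahoo.com"}  # assumption: domains accepted for Yahoo-branded mail

# Constructed sample built from this article's details (http:// scheme assumed).
SAMPLE = """\
From: Customer Service <lbergen@shaw.ca>
Subject: Yahoo Mail Update Required!
Content-Type: text/html

<p>Your mailbox needs an update.</p>
<a href="http://rdgdfsd.altervista.org/acctupdate.html">Update</a>
"""

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def is_trusted(host):
    # Exact match or a true subdomain; "yahoo.com.example.org" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw, brand="yahoo"):
    """Return findings for a single-part HTML mail that uses the brand name."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    if brand not in (msg.get("Subject", "") + msg.get("From", "")).lower():
        return []  # mail does not claim to be from the brand
    links = LinkHosts()
    links.feed(msg.get_payload())
    findings = [] if is_trusted(domain) else ["sender domain " + domain]
    findings += ["link host " + h for h in links.hosts if not is_trusted(h)]
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("suspicious:", finding)
```

The check reads the address inside the angle brackets rather than the display name, which is the part a mobile mail client tends to hide.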

     

    It also shows you a popup window and requires you to sign in again.

    As you can see, the site looks exactly the same as Yahoo.

     

    If we use “virustotal.com” to analyze the URL, we see the detection ratio is getting higher: 8/61. It means 8 out of 61 antivirus vendors detect this URL as a suspicious site.


    Posted by Tony @ 6:53 am
