Yahoo Phishing Site to steal your ID/PWD real case study

Yahoo Phishing Mail real case study

This article shares a real case study of how a hacker uses a phishing site to steal your ID/PWD.

 

First, you receive a mail from “Customer Service” with the subject “Yahoo Mail Update Required!”


If we take a closer look at the sender address, it shows “lbergen@shaw.ca”.

Obviously, it’s NOT from Yahoo. However, if you are reading the mail on a mobile phone, it’s very difficult to notice.

 

Once you click the “Update” link in the mail, it directs you to the phishing site:

rdgdfsd.altervista.org/acctupdate.html

Again, it’s NOT a Yahoo site. In addition, it’s a “.org” URL. “.org” sites can be used for phishing too, not only “.com” ones.

 

It also shows you a popup window and requires you to sign in again.

As you can see, the site looks exactly the same as Yahoo.

 

If we use “virustotal.com” to analyze the URL, you will see the detection ratio is getting higher: 8/61. It means 8 out of 61 antivirus vendors detect this URL as a suspicious site.
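The two manual checks above (sender address and link destination) can be automated on the mail-filtering side. The following is an added example, not part of the original article: it parses a constructed single-part HTML message modelled on this mail and flags a sender or link whose domain does not belong to the brand the mail names. The `BRAND_DOMAINS` allowlist, the function names, and the `To:` address are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as legitimately Yahoo for this check.
BRAND_DOMAINS = {"yahoo": ("yahoo.com",)}

# Constructed sample message modelled on the mail described above.
SAMPLE = """\
From: Customer Service <lbergen@shaw.ca>
To: user@example.com
Subject: Yahoo Mail Update Required!
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your Yahoo Mail account needs an update.</p>
<a href="http://rdgdfsd.altervista.org/acctupdate.html">Update</a>
</body></html>
"""

def belongs_to(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_mail(raw):
    """Return findings where a brand is named but domains do not match."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    text = (msg.get("Subject", "") + " " + body).lower()
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        if not belongs_to(sender_host, domains):
            findings.append(("sender", brand, sender_host))
        for url in re.findall(r'href=["\'](https?://[^"\']+)', body, re.I):
            host = urlparse(url).hostname
            if not belongs_to(host, domains):
                findings.append(("link", brand, host))
    return findings

if __name__ == "__main__":
    for kind, brand, host in check_mail(SAMPLE):
        print(f"{kind}: mail mentions {brand} but uses {host}")
```

The suffix match in `belongs_to` requires a leading dot, so a lookalike host such as `yahoo.com.example.net` is not accepted as a Yahoo domain.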
