Yahoo spam - Fake Yahoo 'award' message scam and virus scare:
Internet ScamBusters #19
By Audri and Jim Lanford
Copyright © Audri and Jim Lanford
(except for portion copyrighted by Mecklermedia as noted below)
We hope you're having a wonderful holiday season!
Although we weren't planning to send another Internet ScamBusters in 1997, we read about the following scam in Danny Sullivan's excellent newsletter, The Search Engine Update, in the Dec. 22, 1997, issue (Number 19). We thought this information would benefit Internet ScamBusters subscribers, so we asked Danny for permission to reprint his article. He graciously agreed.
This article was written by Danny Sullivan, Editor, Search Engine Watch. It is (c) Copyright 1997 Mecklermedia, and Reprinted With Permission. Visit http://searchenginewatch.com
Here it is:
Scam: Fake Yahoo "Award" Message Scam, Virus Scare.
First, a few Yahoo users were told they'd been exposed to a virus. Then, some users were tricked out of their credit card details by someone pretending to work for Yahoo.
On Dec. 8, some people saw a virus warning message left on the Yahoo site by hackers. The message said anyone who had visited the site within the last month was infected with a virus that would activate on Christmas Day. Yahoo says there is no such virus, and that the threat is a hoax.
Next, on Dec. 12, someone took advantage of Yahoo's free e-mail service to dupe people into sending them credit card details.
An official-sounding message was sent out to an unknown number of people telling them they had won a free 56K modem. To collect their "prize," they were told to send a credit card number to cover a $5 shipping fee.
Yahoo estimates fewer than 100 people were tricked this way. It is trying to contact all victims and is investigating the crime.
The key to the scam's success was the use of the official-sounding "firstname.lastname@example.org" e-mail address.
Anyone can open a free Yahoo e-mail account with fake personal details. This provides them with an address that ends with @yahoo.com, which, until the new service began, was a format only available to Yahoo staff. Yahoo chose to make the address widely available to reinforce its brand.
After the new service began, Yahoo corporate addresses changed to a @yahoo-inc.com format. However, many people don't realize this. Thus, it was only a matter of time before someone took advantage of the confusion to pretend they were from Yahoo.
In this scam, a different e-mail account was used to send the message, and the Yahoo address was used to receive messages.
Anyone who receives suspicious e-mail that appears to be from Yahoo is asked to forward the message to email@example.com. The service also provides these tips to avoid fraud. Look out for:
- Someone asking for confidential information such as credit card numbers, bank account information or passwords
- Someone you have never met claiming to be a representative of an online service or any other company
- Someone notifying you that you have won a prize or a contest that you did not enter
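The split described above (one account sends, a public @yahoo.com mailbox receives) and the three warning signs can be checked mechanically on a received message. This Python triage function is an added example, not part of the original article; it assumes the receiving address appears as a Reply-To header, and the sample messages, addresses and flag names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# From the article: anyone can register an @yahoo.com address, so it
# does not identify staff (staff moved to @yahoo-inc.com).
PUBLIC_DOMAINS = {"yahoo.com"}
SENSITIVE = re.compile(r"credit card|bank account|password", re.I)
PRIZE = re.compile(r"\b(won|winner|prize|award)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_message):
    """Return a sorted list of warning flags for one plain-text message."""
    msg = message_from_string(raw_message)
    sender = domain_of(msg.get("From"))
    reply = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = set()
    if reply and reply != sender:
        flags.add("reply-to-differs-from-sender")
    if sender in PUBLIC_DOMAINS or reply in PUBLIC_DOMAINS:
        flags.add("public-mailbox-not-staff")
    if SENSITIVE.search(text):
        flags.add("asks-for-confidential-info")
    if PRIZE.search(text):
        flags.add("unsolicited-prize")
    return sorted(flags)

# Constructed samples, not the real scam message; addresses are made up.
SAMPLE = """\
From: Prize Desk <promo@mailer.example>
Reply-To: constructed-example@yahoo.com
Subject: You have won a free 56K modem

To collect your prize, reply with a credit card number for the $5 shipping fee.
"""
LEGIT = """\
From: Support <help@yahoo-inc.com>
Subject: Account notice

Your mailbox settings were updated.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(LEGIT))
```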
- Yahoo: Con Artists Collecting Credit Card Info, PC World, Dec. 12, 1997
- Yahoo recovers from scam, hack, News.com, Dec. 12, 1997
- Scammers Use Yahoo Again, Wired, Dec. 12, 1997
- Yahoo suffers short hack attack, News.com, Dec. 9, 1997