Yahoo! Scam Tricks Users Into Setting Up Email Accounts For Spammers

London, 1 November 2004 – MessageLabs, the leading provider of managed email security services to businesses worldwide, is today urging Yahoo! members to be wary of fraudulent emails asking them to verify their Yahoo! ID code. The email request, which claims to help Yahoo! prevent automated registrations, tries to dupe users into creating email accounts from which spammers can then distribute large quantities of unsolicited emails.

The emails contain a fake Yahoo.com URL that leads to a completely different site, but redirects through a Google URL three times to obfuscate the link. It then redirects to another fake Yahoo web address that loads a real Yahoo help page with legitimate information explaining the code verification process, followed by a fake pop-up window which shows the user a Yahoo picture ID and asks them to enter the code.

Alex Shipp, Senior Anti-Virus Technologist at MessageLabs said: “This scam is another demonstration of how spammers and fraudsters attempt to manipulate computer users into doing their dirty work for them. Not only do they try and turn innocent users’ machines into zombies for spam distribution, but they want them to set up new email accounts for them as well. The advantages for a spammer include increased capacity and flexibility when sending spam, as well as making it harder to trace the spammers themselves.”

The Yahoo! scam emails are being detected in relatively low volumes, possibly because the scammers are trying to maintain a low profile. Relating back to previous scams detected by its anti-spam service, MessageLabs has noted that the method follows a similar pattern to phishing attacks directed at a well-known US bank back in September. The bank phishes had the same triple Google redirection, suggesting that the same team could be responsible for both scams.

Email characteristics

Subject: Automatic Yahoo identifier completion

Body text:

Dear Yahoo! Member,

We must check that your Yahoo! ID was registered by real people. So, to help Yahoo! prevent automated registrations, please click on this link and complete code verification process:

[ URL removed ]

Thank you.

About MessageLabs

MessageLabs is the leading provider of managed email security services to businesses based on market share, according to a Yankee Group Security Solutions & Services, February 2004 report. The company offers industry-leading managed Anti-Virus, Anti-Spam, Image Control and Content Control services to more than 9,000 businesses around the world to combat email threats before they reach corporate networks and without the need for additional hardware or software. Powered by a global network of data centres spanning four continents, MessageLabs scans tens of millions of emails each day on behalf of clients such as The British Government, The Bank of New York, Bertelsmann, CSC, Diageo, Orange, Random House, SC Johnson and StorageTek. The service is also available through more than 600 channel partners, including BT, Cable & Wireless, CSC, IBM, MCI and Unisys. For more information on MessageLabs, please visit www.messagelabs.com.