Advertisers beware! Trend Micro researchers recently discovered a phishing attack that targets Yahoo! Search Marketing users. A phishing email that pretends to help update the recipient’s account is spammed to users in the hope of convincing them to give out their account credentials. Screenshots below:
Figure 1: Spammed phishing email containing link to phishing page
Figure 2: Phishing page asking for Yahoo! Search Marketing credentials
Yahoo! Search Marketing is an advertising service offered by Yahoo! to users who want their advertisements placed on Yahoo! pages. According to Web information company Alexa, Yahoo! is the Number 1 most popular Web site, which explains advertisers’ interest in Yahoo! Web pages.
Innocent advertisers who think that this email is a legitimate alert may use their credentials to log in to the phishing page, thus compromising their account. This may lead to unauthorized use of the user’s Yahoo! Search Marketing account, with settings on the account possibly modified to redirect profits to the phisher. The phisher could also use the account for malicious purposes such as SEO manipulation and malvertising, both malware distribution techniques we’ve seen earlier this year.
The URL and phishing email are now blocked by the Trend Micro Smart Protection Network. Users are advised to disregard any similar, unsolicited emails that arrive in their inbox. It is also important that users update their credentials only by connecting directly to the Web site, and not by clicking links in spammed emails.