Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    11:39 am (UTC-7)   |    by

    Advertisers beware! Trend Micro researchers recently discovered a phishing attack that targets Yahoo! Search Marketing users. A phishing email that pretends to help update the recipient’s account is spammed to users, hoping to convince them into giving out account credentials. Screenshots below:

    Figure 1: Spammed phishing email containing link to phishing page

    Figure 2: Phishing page asking for Yahoo! Search Marketing credentials

    Yahoo! Search Marketing is an advertising service offered by Yahoo! to users who want their advertisements placed on Yahoo! pages. According to Web information company Alexa, Yahoo! is the Number 1 most popular Web site, thus explaining advertisers’ interest on Yahoo! Web pages.

    Innocent advertisers who might think that this email is indeed a legitimate alert may use their credentials to log in into the phishing page, thus compromising their account. This may lead to the unauthorized use of the user’s Yahoo! Search Marketing account, possibly modifying settings on the account to redirect profits to the phisher. The phisher can also possibly use the account for malicious means such as SEO manipulation and malvertising, both malware distribution techniques we’ve seen not so far back this year.

    The URL and phishing email is now blocked by the Trend Micro Smart Protection Network. Users are advised to disregard any similar, unsolicited emails that arrive on their inbox. It is also important only update their credentials by connecting directly to the Web site, and not by clicking links in spammed emails.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • Charli

      As soon as I got it I knew it was fraud. I simply copied the headers and sent it on to yahoo who makes reporting very easy. These companies who are making you go to a website, copy all the info by hand rather then allowing you to forward an email are cutting their own throats. I don't have time to do all that and if they don't care about their customers, why should I. I'll continue to forward abuse emails as long as I can do it by copying the headers and forwarding the email.

    • Pingback: PC World Philippines :: News and Trends :: Internet getting too dangerous for child’s play?()


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice