Hard Light Productions Forums

Topic started by: karajorma on January 19, 2011, 01:51:06 am

Title: Yahoo!'s Phishing Scheme
Post by: karajorma on January 19, 2011, 01:51:06 am
I got this email about 5 minutes ago.

Quote
Dear Yahoo! Calendar and Yahoo! Notepad Customer,

Yahoo! Calendar Beta will soon be renamed "All-New Yahoo! Calendar," and Yahoo! Notepad Beta will soon be renamed "All-New Yahoo! Notepad."

The old Yahoo! Calendar and the old Yahoo! Notepad will close soon, and we will move you to the All-New Yahoo! Calendar and the All-New Yahoo! Notepad in the coming few weeks. We will automatically move your Calendar and Notepad information for you. After we move your information, you will receive an email from us confirming that the information has been moved.

After you receive the confirmation email, please set your default options (such as reminders, time zone, etc.) for the Calendar or Notepad by clicking the Options button and going to the Options page.

Advantages of the All-New Yahoo! Calendar and the All-New Yahoo! Notepad

These new versions give you much easier ways to share your calendar, send event invites, color-code calendar layers, zoom in on days, and sync on your mobile device. Some exciting features of the All-New Yahoo! Calendar:

    * Share your calendar: Now it's easy to coordinate plans and keep up with the people you care about.
    * Easy use: See an entire month while focusing on a specific date and time. Create colors for different calendars and make your events stand out.
    * Sync with Mobile and other calendars: Sync with iPhone, iCalendar, Mozilla Lightning/Sunbird, Google, and others.

More important information (http://one.yahoo-email.com/r/0/xx6230bce199hqc1/4f641002225) about the All-New Yahoo! Calendar and the All-New Yahoo! Notepad

Thank you for using Yahoo! Calendar and Notepad. We look forward to your using the new versions.

The Yahoo! Calendar and Notepad team         
               
Please do not reply to this message. This is a service email related to your use of Yahoo! Calendar and Notepad. To learn more about Yahoo!'s use of personal information, including the use of Web beacons (http://one.yahoo-email.com/r/0/xx6230bce199hqc1/4f641002226) in HTML-based email, please read our Privacy Policy (http://one.yahoo-email.com/r/0/xx6230bce199hqc1/4f641002227). Yahoo! UK Limited is located at 125 Shaftesbury Avenue, London, WC2H 8AD

Notice how none of the links actually go back to yahoo.com? :p



Funny thing is that as far as I can tell this is actually legitimate. Someone needs to tell Yahoo's PR department to stop sending out emails that look as though they should have started with "Hello, I'm am Nigerian Royalty....." though.
Title: Re: Yahoo!'s Phishing Scheme
Post by: BengalTiger on January 19, 2011, 05:38:18 am
Yahoo's email site is mail.yahoo.com, not one.yahoo-email.com. I'd say it's social engineering.
Title: Re: Yahoo!'s Phishing Scheme
Post by: karajorma on January 19, 2011, 07:18:04 am
That's what I thought until I did some digging and found this (http://switch.calendar.yahoo.com/m/landing.php).

Then I checked whois and things got really strange.

Quote
   Registrant:
        Domain Administrator
        Yahoo! Inc.
        701 First Avenue
         Sunnyvale CA 94089
        US
        [email protected] +1.4083493300 Fax: +1.4083493301

    Domain Name: yahoo.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        Domain Administrator
        Yahoo! Inc.
        701 First Avenue
         Sunnyvale CA 94089
        US
        [email protected] +1.4083493300 Fax: +1.4083493301
    Technical Contact, Zone Contact:
        Domain Administrator
        Yahoo! Inc.
        701 First Avenue
         Sunnyvale CA 94089
        US
        [email protected] +1.4083493300 Fax: +1.4083493301

    Created on..............: 1995-01-18.
    Expires on..............: 2012-01-18.
    Record last updated on..: 2010-10-21.

Quote
Registrant:
        Domain Administrator
        Yahoo! Inc.
        701 First Avenue
         Sunnyvale CA 94089
        US
        [email protected] +1.4083493300 Fax: +1.4083493301

    Domain Name: yahoo-email.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        Domain Administrator
        Yahoo! Inc.
        701 First Avenue
         Sunnyvale CA 94089
        US
        [email protected] +1.4083493300 Fax: +1.4083493301
    Technical Contact, Zone Contact:
        Domain Administrator
        Yahoo! Inc.
        701 First Avenue
         Sunnyvale CA 94089
        US
        [email protected] +1.4083493300 Fax: +1.4083493301

    Created on..............: 2000-06-18.
    Expires on..............: 2018-06-18.
    Record last updated on..: 2010-10-21.


Now I'd imagine that the registrar would at least verify the email account used to register the domain, but they both match. So is this a phishing scheme or not?
Title: Re: Yahoo!'s Phishing Scheme
Post by: achtung on January 19, 2011, 07:25:41 am
Entering fake whois data is easy.
Title: Re: Yahoo!'s Phishing Scheme
Post by: karajorma on January 19, 2011, 07:46:46 am
They really don't even check the email address? Maybe Yahoo should think about changing who they register with then. :p
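
Added example (not part of any post in this thread): the link check the posters did by eye, written as a small Python script that sorts each link's hostname into "under the trusted domain", "contains the brand name but sits outside that domain", or "unrelated". The function names, the category labels and the `yahoo.com.example.net` hostname are assumptions made for illustration; the other two URLs are the ones quoted above.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s()<>\"']+")

# Constructed sample: two URLs quoted in the thread plus one made-up
# hostname (example.net) that merely starts with the trusted domain.
SAMPLE = """
More important information (http://one.yahoo-email.com/r/0/xx6230bce199hqc1/4f641002225)
Landing page: http://switch.calendar.yahoo.com/m/landing.php
Constructed: http://yahoo.com.example.net/r/0/placeholder
"""


def classify_host(host, trusted_domain):
    """Return 'trusted', 'brand-in-name' or 'unrelated' for one hostname."""
    host = host.lower().rstrip(".")
    trusted = trusted_domain.lower()
    # Exact match or true subdomain only. Testing endswith(trusted) without
    # the leading dot would wrongly accept a host such as "notyahoo.com".
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Brand string appears, but the host is outside the trusted domain:
    # the name alone proves nothing, so ownership must be checked elsewhere.
    if trusted.split(".")[0] in host:
        return "brand-in-name"
    return "unrelated"


def audit_links(body, trusted_domain):
    """Map each distinct link hostname found in body to its classification."""
    verdicts = {}
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname  # drops scheme, userinfo, port, path
        if host:
            verdicts[host] = classify_host(host, trusted_domain)
    return verdicts


if __name__ == "__main__":
    for host, verdict in audit_links(SAMPLE, "yahoo.com").items():
        print(f"{verdict:14} {host}")
```

A "brand-in-name" result is not a verdict of phishing; it marks a hostname whose ownership has to be confirmed some other way, which is what the whois lookup in the thread was attempting.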