Email scams: don’t fall for it!

A common scam that hacks your email

I just received an email from “noreply@email.yahoo-inc.com” and was immediately suspicious.


Why was I suspicious? Several reasons:

  1. The from address looks fishy. It’s from “yahoo-inc.com” not “yahoo.com”. A hacker can go and register “reallytrulyfromyahoo.com” for a few bucks, and all of a sudden people think they are really, truly from Yahoo.
  2. It’s asking me to “reactivate my account”. The email encourages me to follow a link, where I would be entering my password. A hacker could set up a page that looks like it’s from Yahoo, send an email like this from hacktastic@reallytrulyfromyahoo.com and collect people’s Yahoo passwords, then go and use them to hack into their accounts.

These are called “phishing” scams. They’re baiting you to give them your data.
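
The first check above (a sender domain that contains the brand name but is not the brand's real domain) can be automated. This is an added example, not part of the original post; the `TRUSTED` list and the sample addresses in the test other than the two quoted above are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains each brand really sends mail from. Maintain this
# list yourself; "yahoo.com" is the site the article names as the real one.
TRUSTED = {"yahoo": {"yahoo.com"}}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From header, or '' if unparsable."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(from_header: str, trusted=TRUSTED) -> str:
    """Classify a From header as 'expected', 'lookalike', 'unrelated' or 'invalid'."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"

    # Exact domain or a true subdomain. The leading dot matters:
    # "reallytrulyfromyahoo.com" ends with "yahoo.com" but not ".yahoo.com".
    for domains in trusted.values():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            return "expected"

    # The brand name shows up in the domain (ignoring dots and hyphens) or in
    # the display name, yet the domain is not on the trusted list.
    squashed = domain.replace("-", "").replace(".", "")
    for brand in trusted:
        if brand in squashed or brand in display.lower():
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for header in ("noreply@email.yahoo-inc.com",
                   "hacktastic@reallytrulyfromyahoo.com"):
        print(header, "->", classify_sender(header))
```

A "lookalike" result means the address deserves the suspicion described above, not that it is proven malicious. An "expected" result only says the domain matches, and the From header can be forged, so it is not proof that the message is genuine.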

This exact thing has happened to a client recently, and she started to realise how much she lives her life through email.

All her friends received an email (from her address) telling them she was stuck overseas and desperately needed them to send her money.

Her bank details were in her email account, as well as many other things that could add up to full-blown identity theft.

Think about a criminal having access to all of your emails, and you might break out in a sweat.

Similar “phishing” methods are often used to collect internet banking passwords, from addresses like “comm.bank-office.com”. Only a few people need to fall for it for the scam to be profitable. It’s just a numbers game for these people.

Maybe this one is safe, but don’t take the bait!

I looked into it, and this one might be legitimate.

Why Yahoo would follow the same exact process that so many “phishing” scams do is beyond me. They must be aware that this happens, and should be trying to differentiate the official process, not do the same thing a hacker does.

However, even if it is legitimate (this time), my recommendation:

NEVER reactivate your account by clicking the links in an email like this.

If you truly want to reactivate your account, then open a new window or tab, and go to the real website (in this case, yahoo.com) and log in as you normally would.

If it’s real, then you’ve reactivated your account. If the email was fake, then you haven’t given them your password, and you’re ok.