Spammers dupe Yahoo! users in new scam
By Matt Whipp
Posted on 1 Nov 2004 at 12:13
Yahoo! users are being duped into opening email accounts for spammers, according to security experts.
UK security company MessageLabs say it is detecting dubious emails that claim to be sent from Yahoo! and request the recipient to confirm their identification by using a picture ID.
The picture ID - an image of a group of words and numbers - is used to prevent spammers sending out bots to automatically open email accounts through which they can subsequently send spam. Such an image is known as a Captcha test (Completely Automated Public Turing test to tell Computers and Humans Apart).
So by duping Yahoo! users into filling out the picture ID for them, the spammers are getting joe public to do the donkey work.
Alex Shipp, Senior Anti-Virus Technologist at MessageLabs said: 'This scam is another demonstration of how spammers and fraudsters attempt to manipulate computer users into doing their dirty work for them. Not only do they try and turn innocent users' machines into zombies for spam distribution, but they want them to set up new email accounts for them as well. The advantages for a spammer include increased capacity and flexibility when sending spam, as well as making it harder to trace the spammers themselves.'
The email arrives with the subject line 'Automatic Yahoo identifier completion', and the following message:
'Dear Yahoo! Member,
We must check that your Yahoo! ID was registered by real people. So, to
help Yahoo! prevent automated registrations, please click on this link and
complete code verification process:
[ URL removed ]
Thank you.'
The link is a fake Yahoo.com web address that leads to a completely different site, but redirects through a Google URL three times to hide this fact. It then redirects to another fake Yahoo web address but which loads a real Yahoo help page explaining the code verification process. Finally it pops up window which shows the user a Yahoo picture ID and asks them to enter the code.
Such a ruse has been used before. In May of this year, spammers used the trick of offering users free access to porn if they completed a picture ID.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
