Yahoo! E-mail Account Hack Phishing Scam
Received-SPF: none (domain of yahoogroups.co.uk does not designate permitted sender hosts)
Authentication-Results: mta1096.mail.ukl.yahoo.com from=yahoogroups.co.uk; domainkeys=neutral (no sig);
from=yahoogroups.co.uk; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mail.o2.co.uk) (126.96.36.199)
by mta1096.mail.ukl.yahoo.com with SMTP; Mon, 16 Jul 2012 01:52:27 +0000
Received: from hp-pc (188.8.131.52) by mail.o2.co.uk (8.5.119.05) (authenticated as email@example.com)
id 4F3CE39718035F65; Mon, 16 Jul 2012 02:35:27 +0100
Message-ID: <x@> (added by firstname.lastname@example.org)
Date: Tue, 17 Jul 2012 02:51:07 +0100
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Antivirus: avast! (VPS 120715-1, 07/15/2012), Outbound message
The link in the original e-mail takes you to a Google Docs response form. Any clever person will ask the question: why would Yahoo! use a service from Google to update one of its own accounts? Another giveaway is the password box: the password is not masked but visible in clear text. So although the link takes you to an SSL-encrypted page, the mechanics of this page should give away its intentions.
What appears to be an e-mail from Yahoo! Groups is actually an e-mail from an o2.co.uk e-mail account. The e-mail header suggests that it was sent from a computer infected by some malware, which is why we removed parts of the e-mail address the spam message actually came from: it is more likely that the spam came from a victim of a malware infection than from the spammer himself.
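The header reading described above can be scripted. This added example (not part of the original page) runs Python's standard `email` parser over the relevant headers quoted at the top; the function name `analyse` and the report keys are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the message quoted above (addresses already anonymised by
# the page); the leading space on continuation lines restores header folding.
RAW = """\
Received-SPF: none (domain of yahoogroups.co.uk does not designate permitted sender hosts)
Authentication-Results: mta1096.mail.ukl.yahoo.com from=yahoogroups.co.uk; domainkeys=neutral (no sig);
 from=yahoogroups.co.uk; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mail.o2.co.uk) (126.96.36.199)
 by mta1096.mail.ukl.yahoo.com with SMTP; Mon, 16 Jul 2012 01:52:27 +0000
Received: from hp-pc (188.8.131.52) by mail.o2.co.uk (8.5.119.05) (authenticated as email@example.com)
 id 4F3CE39718035F65; Mon, 16 Jul 2012 02:35:27 +0100
Date: Tue, 17 Jul 2012 02:51:07 +0100
"""

def analyse(raw: str) -> dict:
    msg = message_from_string(raw)
    auth = " ".join(msg.get("Authentication-Results", "").split())
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]  # newest first

    def grab(pattern, text):
        m = re.search(pattern, text, re.I)
        return m.group(1).lower() if m else None

    claimed = grab(r"\bfrom=([\w.-]+)", auth)  # domain the mail claims to come from
    relay = grab(r"\bEHLO ([\w.-]+)", hops[0]) if hops else None  # host that handed it over
    report = {
        "claimed_domain": claimed,
        "relay_host": relay,
        "spf": (msg.get("Received-SPF", "").split() or ["missing"])[0].lower(),
        "dkim": grab(r"\bdkim=(\w+)", auth) or "missing",
        # A genuine message would normally leave via a host of the claimed domain.
        "relay_matches_claim": bool(claimed and relay and
                                    (relay == claimed or relay.endswith("." + claimed))),
        # An authenticated hop means a real mailbox on the relay submitted the mail.
        "authenticated_submission": any("authenticated as" in h for h in hops),
        "date_skew": None,  # Date header minus the earliest Received timestamp
    }
    if hops and msg["Date"] and ";" in hops[-1]:
        first_seen = parsedate_to_datetime(hops[-1].rsplit(";", 1)[1].strip())
        report["date_skew"] = parsedate_to_datetime(msg["Date"]) - first_seen
    # Nothing vouches for the claimed domain: no SPF/DKIM pass and a foreign relay.
    report["sender_unverified"] = (report["spf"] != "pass" and report["dkim"] != "pass"
                                   and not report["relay_matches_claim"])
    return report

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key:26} {value}")
```

On these headers the report shows the claimed domain yahoogroups.co.uk against the relay mail.o2.co.uk, no passing SPF or DKIM result, an authenticated submission on the relay, and a Date header a little over a day ahead of the first Received timestamp.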
Below is a screenshot of what the form looks like: