Yahoo - Important Information Regarding Your Account - Email Scam
21st January 2004

Do you really need to update your Credit Card details at Yahoo? Not this time, its a scam ...

This spoof email scam takes the form of a HTML text message with a link (see image below). The link is disguised to conceal the true location of the web page that it will take you to...

The 'here' link will actually take you to a forged Yahoo page at http://211.174.60.96/ although you may not see this URL in your address bar as this scam exploits a known bug in Internet Explorer browsers. This bug allows the URL shown in the address bar to be spoofed (forged) in which case, you will se http://wallet.yahoo.com (see image below).

The URL http://211.174.60.96/ resolves to a Korean ISP and is therefore absolutely nothing to do with Yahoo at all.

This bug has been increasingly exploited by email scammers of late, and we eagerly await a patch from Microsoft. The vulnerability can also allow a fake URL to be shown in the status bar of Microsoft Outlook and browser products (while holding the cursor over the cloaked link). We have set up a Browser Test cloaked link which you can use to see if your browser is vulnerable. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing while at a web page using our URL Checker.

If you have received this email, please remember that it is very
common for these email scams to be redistributed at a later date
with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

Take a good look at the following images, because this email scam may be coming to an inbox near you!

The Email ...

The forged web page...