Yahoo Email Scam Targets Users with Attachments

There are countless ways that scammers send out viruses, malware, and fraud attempts, but they’re only effective if you fall for it. That’s why the famous Nigerian prince emails always had a lengthy “sob story” to them; if they could engage you in the circumstances, you’d be more likely to participate in their plot.

Scam emails have run the gamut from “I need your help getting my money out of the country” to “my mother has died and told me to leave half her fortune to a good person like you.” There are many, many other variations, but they all function to get you to either click a link, open an attachment, or hand over your information.

Some of these emails at least try to appear genuine, and the most common method is to “spoof” a legitimate company and make you think there’s a problem. It might be an email from PayPal or Visa telling you there’s a problem with your account, or an email from Microsoft letting you know your computer is infected with a virus—that one’s especially funny since the goal of the email might be to infect your computer with a virus!

Take a look at this example that a staff member at the ITRC actually received, which claims to be from Yahoo:



This email might seem legitimate since it comes from Yahoo and the recipient is a Yahoo user. That was easy enough for a scammer to accomplish simply by limiting this email to Yahoo account holders. But let’s break down the content of the email body.

1. There are so many grammatical errors – What is a “value user?” Since when did “cannot” become two words? When did we stop capitalizing the first word of a sentence, as in the word “please?” Who puts a period after their name in the closing of a letter?

2. Look at the sender – What in the world is the Yahoo Validation Group? Just because there’s a TM for “trademark” after their name, that’s supposed to make it legitimate?

3. Hover over the sender – If you let your cursor rest over the sender’s name, it actually opens up the name of the account that sent this email: j******.g**** (name redacted to protect his privacy). A quick Google search of that email address turns up a Facebook account for a young man in the Philippines, which means his Yahoo account was hacked and used to send this message to hundreds or even thousands of recipients. He doesn’t work at Yahoo, he simply has a Yahoo email address like millions of other people.

The real goal was to get the recipient to open the attachment. Harmful attachments were the method of choice in the early days of mass email fraud, but were phased out in favor of an included link that downloads a virus. Too many email providers had built-in safeguards that scanned attachments for malicious content or blocked them outright just for being annoying. Now, with new changes to Microsoft Word and the way it processes macros, scammers are returning to the attachment ploy.

Remember, any time you receive an email—whether an unrecognized sender or from someone you know as their account could have been hacked—proceed with caution. Don’t click the link, don’t open the attachment, and whatever you do, don’t hand over any sensitive information. If it’s genuine, you can verify that easily with a quick message to the sender or by checking in with the company who supposedly sent it.

Questions about identity theft? Connect with the ITRC through our toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.

Pin It


ITRC Sponsors and Supporters 





Go to top


The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.