Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 25th, 2008

Yahoo! Groups Are Used By Phishers To Send Personalized Scam Emails

A spam campaign that sends personalized phishing emails through Yahoo! Groups has recently been reported by TrendLabs researchers, Jake Soriano and Grace Ermitanyo (who provided detailed analysis about this attack). Phishers appear to have sent phishing emails through Yahoo! Groups via either the standard posting methods through Yahoo! Groups site’s Post Message feature or through sending an email to the group’s address. Thus, users who receive this email from a Yahoo! Group (of which they are members) are likely to believe that it is legitimate.

The success of this phishing attempt further depends on how the group mailing list is actually moderated. There are settings in Yahoo! Groups spam abuse prevention that allow the moderator to approve all messages before they are sent out to members.

The phishing email provides a link that redirects the recipient to a website with a fake form. The form steals user identities by gathering personal and sensitive user information, such as phone numbers, PINs, passwords, account numbers and debit card numbers. These details are sent over to the phishers who may then peruse the information themselves or sell them in underground forums to cyber criminals.

In one particular case, clients of the Royal Bank of Scotland ( are targeted. In phishing email the URL is different from the actual bank domain and redirects to

Moderators of Yahoo! Groups are advised to read about their options related to keeping their members safe from spam and phishing attempts at the Yahoo! Groups FAQ on spam abuse prevention.

Share this item with others:

More on CyberInsecure:
  • Yahoo! Marketing Hit By Phishers, Phished Accounts Lead To Malvertising And Malware Distribution
  • Paypal Is Being Used In Popular Nigerian 419 Scam
  • Microsoft’s “Experimental Security Fix” Is Actually A Malware
  • Cross-site Scripting Vulnerability On Yahoo’s HotJobs Site Exposes Yahoo Accounts
  • Spammers Successfully Avoid IP Address-Based Reputation By Using Free E-mail Providers

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Yahoo! Groups Are Used By Phishers To Send Personalized Scam Emails

    2 Responses to “Yahoo! Groups Are Used By Phishers To Send Personalized Scam Emails”

    1. Ken Bentzen Says:
      January 2nd, 2010 at 2:06 am


      Where should I write to complain about a yahoo mail which is used for dating scam?

      Best regards


    2. @Ken, better be careful. Do not easily trust. Investigate first.

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.