Friday, October 23, 2009

Phishing Criminals Take Aim at Yahoo Ad Services

Yahoo! Marketing users are the target of a new phishing scam being detected today by the eSoft Threat Prevention Team. Webmasters receive a very believable notification that their Yahoo Marketing account has expired, with a link to log in and presumably reactivate the account.

If the user follows the link, they’re presented with an authentic-looking login page where the phishing attack takes place. The username and password entered here are delivered to the attackers for further exploitation. With these credentials, criminals can hijack paid advertisements, replacing legitimate ads with their own malicious links or code.

The “hook” in this scam is a classic warning of impending account closure. The domain being used to serve the phishing attack was registered only today, but has an authentic ring to it. The URLs also use a subdomain to make the URL seem more authentic.

At the time of detection, none of the major search engines or public phishing lists detected this URL as malicious.
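
The two signals described above, a brand name placed in a subdomain of an unrelated domain and a domain registered the same day, can be checked locally even before public lists catch up. The following is an added example, not part of the original post; the hostnames, registration dates, threshold and function names are constructed for illustration.

```python
from datetime import date
from urllib.parse import urlsplit

# Assumptions for this sketch: the brand's real registrable domains and a
# "newly registered" threshold in days. Tune both for your environment.
BRAND = "yahoo"
LEGIT_DOMAINS = {"yahoo.com"}
NEW_DOMAIN_DAYS = 7

# Constructed sample registration dates; in practice these come from
# WHOIS/RDAP lookups or a passive DNS feed.
REGISTERED = {
    "yahoo.com": date(1995, 1, 18),
    "acct-renewal.example": date(2009, 10, 23),
    "widgets.example": date(2003, 5, 2),
}


def registrable_domain(host):
    """Naive: last two labels. Production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def assess(url, today):
    """Return the list of phishing indicators found for a URL."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    reasons = []
    if domain in LEGIT_DOMAINS:
        return reasons  # genuinely served from the brand's own domain
    # Brand string appears in the hostname, but the registrable domain
    # belongs to someone else: the "authentic-looking subdomain" trick.
    if BRAND in host:
        reasons.append("brand-in-hostname")
    registered = REGISTERED.get(domain)
    if registered is not None and (today - registered).days <= NEW_DOMAIN_DAYS:
        reasons.append("newly-registered")
    return reasons


if __name__ == "__main__":
    today = date(2009, 10, 23)
    for url in (
        "http://marketing.yahoo.com.acct-renewal.example/login",  # constructed lure
        "https://login.yahoo.com/",
        "http://shop.widgets.example/",
    ):
        print(url, assess(url, today))
```

Either indicator alone is noisy; a mail or proxy filter would typically act only when both fire on a link in an account-expiry message.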
