d3500ram
Colorado
Senior Member
Joined: 07/31/2006
View Profile
|
I received a "notification" in my inbox this morning.
On the surface it looked "legit" but I always scrutinize the email address from which it was sent, such is the case for this...
...the address, which may be difficult to read (as noted by the red arrow below) is "cjgb.co.kr"
If legit, I would think it would be from an @yahoo.com address!
For yahoo users, has anyone received a request to update their password?
![[image]](https://i.imgur.com/zhe8YqEl.jpg)
|
valhalla360
No paticular place.
Senior Member
Joined: 08/19/2009
View Profile
Good Sam RV Club Member
|
Standard Phishing technique.
It's easy to create an email that looks legitimate. If you click on the link, it will likely ask for your user info including password...then they have access to your account.
Unless you just requested something (ie: you just ordered an air compressor on amazon and you recieved an email 5 min later from amazon saying here is the info for your air compressor purchase), generally don't click on email links.
- Preferably go to the website directly from your normal method (not the email link) and from there see if they are asking for the same info.
- If you really feel the need to click on the link, check the email address (not the name associated which is easy to fake...in the above example it shows "yahoo" but the email has no reference to "yahoo" ). It should reference the website (be careful of endings other than ".com". The above example is ".kr" implying Korea, though that could be faked also and other country codes are often used when the ".com" site is already taken by the legitimate site.).
Tammy & Mike
Ford F250 V10
2021 Gray Wolf
Gemini Catamaran 34'
Full Time spliting time between boat and RV
|
bdpreece
Yuma Arizona / Oregon Traveler
Senior Member
Joined: 05/27/2004
View Profile
Good Sam RV Club Member
 Offline
|
Never click on email links. Just use your normal way to get to Yahoo and then click on change password and change it. That way if it needed to be changed you are safe. If it didn't need to be changed; no harm done.
Brian, Loretta & Daisy (Golden Retriever)
2008 Holiday Rambler Endeavor PDQ40
2014 Ford Explorer toad
|
RetiredRealtorRick
St. Augustine Beach, FL
Senior Member
Joined: 04/17/2020
View Profile
|
. . . and just looking at it, I see the 'E' of expire and the 'S' in support are both capitalized. The mark of a scam for sure. Organizations the caliber of Yahoo! would let something like that slip by them prior to sending out an email.
. . . never confuse education with intelligence
|
d3500ram
Colorado
Senior Member
Joined: 07/31/2006
View Profile
|
Thanks folks, confirming my suspicions.
|
|
|
1492
Arlington, VA
Moderator
Joined: 04/08/2005
View Profile
|
It is a typical phishing scam to get your email account info. At least you were vigilant to check the sender's email address. Though many fall for this.
Why it can be of concern is that many use a single email account for all accounts including financial or biz accounts. If compromised, a scammer may look at your emails for financial related accounts. Then submit a forgot login to the website. The reset login would typically be sent to that email address, allowing a hacker to change the login and access your other accounts. This is a compelling reason to use two-factor authentication for account access or any changes. Most financial sites already require this.
It's a better practice to never click links in an email, and go directly to the website itself. One trick a hacker may try is to inject malware in vulnerable systems by directing you to their compromised site first in email links, before redirecting you to the actual website. Best to just go to the website itself, and get rid of the middle man (aka MiM).
* This post was
edited 08/18/21 03:25pm by 1492 *
|
LouLawrence
Traveling the US!
Senior Member
Joined: 03/16/2021
View Profile
|
Why would your password suddenly be about to expire?
Pretty much the answer right there.
Glad you caught it and did nothing with it.
|
MrWizard
Traveling
Moderator
Joined: 06/27/2004
View Profile
|
Good thing you caught that and was suspicious
Your self created password does not expire !!
Only temporary login passwords sent to you from the website do this, and they are only sent , After you verify who you are, because you forgot your password
I get phishing emails and texts every week, supposedly from banks to fix some error, I DON'T have any accounts with those banks,
The scammers buy email addresses list, and then send out their phishing attempts,
Use an auto text program pick and area code and send out scam texts to All possible phone numbers ,
With 7 numbers after the area code that about a million phone numbers, even just one exchange prefix the last 4 numbers provide a chance to send out thousands of scam texts
Or robot calls
I can explain it to you.
But I Can Not understand it for you !
....
Connected using Verizon and AT&T
1997 F53 Bounder 36s
|
wa8yxm
Davison Michigan (East of Flint)
Senior Member
Joined: 07/04/2006
View Profile
Offline
|
It's a scam
If you get something like that or any of a thousand others that even have the slighest aroma of "Possible scam" do not click on any links
Go to the claimed source via bookmark or manual typing of known URL
IE. yahoo.com or mail.yahoo.com
And go then do it from there
What happens is and I'll give you an example
NOTE this link IS safe,, but it's a lie
YourMail.com
it appears to link to the fictional your mail web site (I coudl put anything I liked in there
It links... to this thread
Home was where I park it. but alas the.
2005 Damon Intruder 377 Alas declared a total loss
after a semi "nicked" it. Still have the radios
Kenwood TS-2000, ICOM ID-5100, ID-51A+2, ID-880 REF030C most times
|
BB_TX
McKinney, Texas
Senior Member
Joined: 04/04/2005
View Profile
Offline
|
You did right by checking the email address. Always do that of a suspicious email.
I sometimes get emails of that type. And sometimes with an actual personal contact’s name as sender. But clicking on the email address invariably shows some address different than what initially shows. Standard spam phishing technique.
|
|
|
