Yahoo scam...?
I received a "notification" in my inbox this morning. On the surface it looked "legit" but I always scrutinize the email address from which it was sent, such is the case for this... ...the addres...
Forum Discussion
It is a typical phishing scam to get your email account info. At least you were vigilant to check the sender's email address. Though many fall for this.
Why it can be of concern is that many use a single email account for all accounts including financial or biz accounts. If compromised, a scammer may look at your emails for financial related accounts. Then submit a forgot login to the website. The reset login would typically be sent to that email address, allowing a hacker to change the login and access your other accounts. This is a compelling reason to use two-factor authentication for account access or any changes. Most financial sites already require this.
It's a better practice to never click links in an email, and go directly to the website itself. One trick a hacker may try is to inject malware in vulnerable systems by directing you to their compromised site first in email links, before redirecting you to the actual website. Best to just go to the website itself, and get rid of the middle man (aka MiM).
Why it can be of concern is that many use a single email account for all accounts including financial or biz accounts. If compromised, a scammer may look at your emails for financial related accounts. Then submit a forgot login to the website. The reset login would typically be sent to that email address, allowing a hacker to change the login and access your other accounts. This is a compelling reason to use two-factor authentication for account access or any changes. Most financial sites already require this.
It's a better practice to never click links in an email, and go directly to the website itself. One trick a hacker may try is to inject malware in vulnerable systems by directing you to their compromised site first in email links, before redirecting you to the actual website. Best to just go to the website itself, and get rid of the middle man (aka MiM).
