A phishing e-mail; this is NOT from British Telecom or Yahoo!
Which ISP do you use? I’m with British Telecom, the largest ISP in the UK. BT as it is known – sometimes affectionately, sometimes not so – has partnered with Yahoo! so my BT Yahoo! account has a nifty protection gimmick developed by the American giant, the sign-in seal. If you’re not with Yahoo! or are unfamiliar with the concept, basically you upload a photo, scan or screengrab of your choice to your account, and whenever you sign in, you will see that seal. If you don’t see it, you have arrived at a fake website and are in the process of being scammed. How likely is that? The sad answer is very; here is what happened to Yours Truly today.
The first screengrab below is a plausible looking e-mail, but click on the “Click Here” notice and you are taken to a fake site. The second grab is that fake site; note the url at the top of the screen? This is clearly not a legitimate sign-in page, but a page on a domain called http://www.x11s.org/ – a legitimate free hosting company. The Yahoo.html at the end is the name of a fake page. Note there is no protective seal showing here, so even if I missed the bogus address, I would still know I was on a fake site. If you remove Yahoo.html from the address, you will be taken to http://www.hydnhfdur.x11s.org/bell-upgrade/
Click on the top link, for parent directory, and you will be taken to the third grab below; this site was set up only yesterday, clearly for people who were born yesterday. Finally, the fourth grab shows what I should see when logging into my e-mail account; the black box is where my seal appears. Heck, I’m not gonna show you the real one!
A phishing e-mail; this is NOT from British Telecom or Yahoo!
This may look like a genuine BT Yahoo! sign-in page, but note the url at the top.
A phisher’s fake website.
A genuine BT Yahoo! sign in page with the sign-in seal blacked out.
[The above article was first published April 20, 2013.]
Back To Digital Journal Index