Don’t Fall for This Yahoo Mail Phishing Scam (2023)

Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.

Phishing is a cyberattack in which the target is contacted by a threat actor impersonating a trusted individual or entity. There are several types of these attacks, but email phishing is by far the most common one.

In a typical email phishing attempt, you receive a message from what appears to be a legitimate entity urging you to take action; for example, to change your password or sign into an account. If you fall for the scam, the attacker obtains your personal information. One such scam has been targeting Yahoo Mail users.



(Video) Dealing with phishing e mails in yahoo email

What Is the Yahoo Mail Service Scam?

In this phishing scam, the threat actor contacts a victim, claiming to represent the Yahoo Service Team. The email says that all "old versions" of Yahoo Mail accounts will be closed soon, and urges the victim to click the Sign-in to Yahoo button and log into their account as to avoid "service interruption." Unless they do this, they will be "locked out permanently," the message stresses.

To really understand what the scammer is trying to accomplish here, let's break down the email and parse the language. For a start, the threat actor is repeatedly creating a sense of urgency in order to convince the target to click the link. Nobody wants to lose access to their email, so this social engineering technique makes perfect sense, as rudimentary as it may seem.

The "protect by Yahoo!" logo, as well the login button look rather convincing—there's hardly any difference between the images this scammer used and the company's real logo. The color scheme is the same, the font very similar, and Protect by Yahoo is an actual service Yahoo offers to its customers.

Don’t Fall for This Yahoo Mail Phishing Scam (1)

Also note that the threat actor is not using a naked URL, because that would make it obvious that the link does not lead to an official Yahoo page. Instead, they are disguising the phishing URL with a fake sign-in button.

What's more, Yahoo does actually issue similar notices on occasion. The company often reminds users that it closes inactive accounts, or email accounts that haven't been used for more than 12 months. Clearly, this particular threat actor is aware of the practice and counts on the target being familiar with it to carry out the attack.

So, where exactly does this link lead to? It redirects the victim to a page closely resembling the standard Yahoo Mail sign-in site. If you were to enter your email and password there, the threat actor would steal your information and use it to log in to your account.

After gaining access to your email, the threat actor could do any number of things, including compromising connected accounts and stealing your personal information. They could also blackmail you, or simply use your address to launch other phishing and malware attacks. The possibilities are endless.

(Video) Recover Hacked Yahoo Email Account in 5 Simple Steps | 2021 | 100% Working

So, the scammer wrote an email free of grammatical and spelling errors, created a sense of urgency using vaguely threatening language, referenced services Yahoo actually offers, and included company imagery in their message, which was short and straight to the point. But they also made some missteps.

How Does the Yahoo Mail Phishing Attack Work?

To a tech-savvy person, this email probably screams "phishing", but it's easy to imagine someone older, who is not that great with technology, clicking the link. Besides, a person who knows what to look for would immediately notice that the email came not from Yahoo, but from a random AOL email address.

Googling the email address the scammer used, "", produces only a couple of results. However, testing the email with Have I Been Pwned? shows that it was "pwned" in 18 data breaches. This strongly suggests that the phishing email did not come from whoever the original owner of that email account is or was, but from a threat actor who obtained access to it after one of those 18 breaches.

Don’t Fall for This Yahoo Mail Phishing Scam (2)

We can only speculate as to how the cybercriminal might have gained access to this email, if that is indeed what happened. For example, it is possible that they purchased the credentials on a dark web marketplace, or simply broke into the account somehow because the original owner failed to use a secure password.

Still, in many ways, the scam was well-executed. For example, several online tools that analyze links and check if they're safe found no issues with it. However, Virus Total did: two security vendors, Avira and Webroot, flagged the link as malicious and described it as a phishing scam.

(Video) Don't Fall For This Virus Warning Scam!

Virus Total is very useful in these situations, since it inspects links with more than 70 scanners. Using this tool, you can also check if a file you downloaded is safe, instead of launching it and finding out yourself—and you should never do this unless you are 100 percent confident the file came from a trusted source.

Don’t Fall for This Yahoo Mail Phishing Scam (3)

There are other ways to check where a link leads to without clicking it. For example, you can use a tool called Screenshot Machine. As the name suggests, Screenshot Machine takes screenshots of web pages, so all you need to do is copy and paste a suspicious link, and then press Enter.

If you're on a computer, another simple way to check out a link is to simply hover over it with the mouse pointer. This way, you will find out where the link actually goes without clicking it. If you were to do that with the link this threat actor emailed, you would quickly realize that it does not actually lead to Yahoo's sign-in page.

How to Report the Yahoo Mail Upgrade Scam

If you receive an email claiming you need to update your Yahoo account, you can safely assume you're not the only person the scammers are targeting. In fact, it's more than likely thousands of people have received the same fake Yahoo Mail upgrade notice, which is why you should consider filing a report. Here's how to do that.

If the scam email came from a Yahoo Mail address, you can report the perpetrator to Yahoo. To do that, visit the Yahoo Help Central, and navigate to "report it to Yahoo directly." Once you click the hyperlinked text, a new page will load, displaying a short form. Fill this out, describe the scam, and make sure you provide the Yahoo ID of the person or account you're reporting (the ID is the part before "@" in their email address).

(Video) Fix Yahoo ! Sorry we don't recognize this email problem solved

In case the fake Yahoo Mail upgrade warning came from an address associated with a different provider (e.g. Gmail, Outlook), you can report it by marking it as spam. The "Spam" button will be located right above the message itself, so you should have no issue spotting it. Once the pop-up appears, click the "Report as Spam" button.

Don’t Fall for This Yahoo Mail Phishing Scam (4)

And if you have a few spare moments, consider reporting the scammer's website as well. Obviously, you should not visit the page, but you can copy the link and submit a report to a relevant authority; be it a government agency, a hosting provider, or a consumer protection organization.

You should also keep in mind that other email providers, and not just Yahoo, are being targeted with fake upgrade scams. As PC Risk reported in March 2023, these scams have become particularly prevalent in recent years. However, they are all alike, so if you learn how to spot one, you'll probably be able to recognize them all.

Protect Yourself Against Phishing

Phishing attacks may be common, but there are ways to protect yourself from them.

Never click on suspicious links, inspect every link from an unknown email address, always check where an email came from, use two-factor authentication, and have strong anti-malware protection installed on every device you use.

Yahoo Mail is one of the most popular email services out there, and it is relatively safe, just like Gmail, Outlook, and others. Still, if you care about cybersecurity and privacy, you should strongly consider switching to an encrypted email provider.


Is Yahoo updating email accounts 2023? ›

This is to notify you we are closing all Outdated versions of our Mailbox as from 5th of February 2023. We're making these updates to clarify our terms and ensure that they remain transparent for you. Thank you for being part of AT&T Yahoo Membership. Enjoy our extra security, support and savings you get.

What if I answered a phishing email? ›

First, replying to a phishing email provides the scammer with a copy of your company's email signature, which might include phone numbers and other information. This signature could enable them to craft more convincing spearphishing templates, as well as giving them more potential targets.

How can you identify a phishing email there are multiple answers correct? ›

7 Ways to Spot Phishing Email:
  • Emails with Bad Grammar and Spelling Mistakes. ...
  • Emails with an Unfamiliar Greeting or Salutation. ...
  • Inconsistencies in Email Addresses, Links & Domain Names. ...
  • Suspicious Attachments. ...
  • Emails Requesting Login Credentials, Payment Information or Sensitive Data. ...
  • Too Good to Be True Emails.

What happens if you click on a phishing link on your phone? ›

Much information including your basic information and your contacts may be exploited. After gaining remote access rights, attackers use the user information to access important accounts and even gain some money.

Do I need to update my Yahoo email account? ›

Update your account to avoid losing your mailbox and important messages. Note: If you do nothing, you may no longer be able to access your email and your account will be closed before these terms become effective.

Does ATT Yahoo Mail need to be updated? ›

customers who have not updated their email account will no longer be able to log in to their Yahoo Email Account. Customers will have to Verify their email address to switch to the latest Version of mail. Upgrade to a more secure version here.

Can spammers tell if you open an email? ›

Can Scammers See That I Opened Their Email? It depends. Scammers will be able to tell that you opened an email if you download any attachments or click on any links (which you should NEVER do), or if your email client automatically loads any images that are embedded in the message.

Can opening an email get you hacked? ›

Just opening the phishing message without taking any further action will not compromise your data. However, hackers can still gather some data about you, even if all you did was open the email. They will use this data against you to create more targeted cyber attacks in the future.

Do I delete phishing emails? ›

If you receive a spam email, you should delete it immediately—do not open any attachments or click any links. It only takes one wrong click, and hackers can gain access to your entire computer. The tips below will help you better protect yourself when using email. Phishing emails are one type of email scam.

What happens if you click on a phishing link but did not enter details? ›

Clicking a phishing link in a spam text message can open your phone to security threats. If you don't enter any information or accept any downloads, your data may be safe. On the other hand, it's possible that suspicious files and malware were downloaded to your device through that malicious link.

How do I clean my phone from viruses? ›

How to get rid of a virus on your Android phone: Step-by-Step
  1. Step 1: Clear your cache and downloads. ...
  2. Step 2: Reboot in safe mode. ...
  3. Step 3: Connect to a different network or change your connection method. ...
  4. Step 4: Change your Google password. ...
  5. Step 5: Change your passwords. ...
  6. Step 6: Identify and uninstall any suspicious apps.

Can your phone be hacked by opening a link? ›

Fake or malicious websites can hack your phone through sophisticated drive-by downloads that can launch an attack without any user interaction such as clicking a link or downloading a file. Even legitimate websites can be abused by hackers to infect your device via malvertising pop-ups and banners.

Can hackers hack your phone by clicking a link? ›

Hackers do not even have to steal the victim's phone to download malware. They just have to plant viruses on websites designed to infect the smartphones and wait for the user to simply click a link on their phone.

Should I delete old Yahoo email account? ›

If your Yahoo account information is potentially exposed, then deleting your Yahoo account when you aren't using the service any longer is a smart idea. It prevents hackers from abusing your account and any other accounts you have registered with the email address.

How do I clean up my Yahoo email account? ›

How to delete all of your email on Yahoo Mail
  1. Open Yahoo Mail in a web browser.
  2. Click the checkbox at the top of the browser, above the inbox. ...
  3. To select more messages, scroll down to see all the messages in the inbox.
  4. Click the checkbox arrow again to click "All." You should now see that all the messages are selected.
Jun 19, 2020

What is the upgrade for Yahoo Mail? ›

Yahoo Mail Plus gives you greater control of your inbox with an ad-free email experience, premium customization and security features.

Does it cost anything to upgrade Yahoo Mail? ›

Yahoo also offers a premium email plan called Yahoo Mail Plus for $5/month, but it's a less compelling option. It gets you 5 TB of storage, an ad-free email client on the web, and a few extra email features.

What is att mail Update 2023? ›

We're making improvements to Mail!

On or after April 30,2023, through May 2023 all users of Mail will be prompted to upgrade their Mail accounts. You'll see some exciting changes in webmail that include a new look and feel that makes webmail even easier to use.

How much does it cost to upgrade Yahoo Mail? ›

Ad-free email and a whole lot more
FeatureYahoo! Mail Plus ($5 per month)AT&T Mail (free)
Email organized automaticallyYesYes
One-click, easy unsubscribeYesYes
Attachments and photos in one placeYesYes
Get alerts for key emailsYesYes
10 more rows
Feb 1, 2023

Can opening an email infect your phone? ›

A questionable email alone is unlikely to infect your phone, but you can get malware from opening an email on your phone if you actively accept or trigger a download. As with text messages, the damage is done when you download an infected attachment from an email or click a link to a malicious website.

What are two main signs of spam emails? ›

Major warning signs in an email are:
  • An unfamiliar greeting.
  • Grammar errors and misspelled words.
  • Email addresses and domain names that don't match.
  • Unusual content or request – these often involve a transfer of funds or requests for login credentials.

Do spammers know when you block them? ›

No, they won't know if you have blocked them. They won't receive a notification you have filtered their messages from your inbox. Their emails simply go straight to spam if they try to send you anything.

Can someone hack my bank account with my email address? ›

It's also possible hackers could use your email account to gain access to your bank account or credit card information, draining funds from an account, or racking up charges. They might even use your email and password to sign up for online sites and services, sticking you with monthly fees in the process.

Can hackers do anything with just your email address? ›

One of the major risks of scammers having your email address is that they'll use it to hack into your other online accounts. With your email address, they can request password resets, try entering your other passwords that have been leaked online, and even break into your email account.

Can opening an email infect your computer? ›

Can I get a virus by reading my email messages? Most viruses, Trojan horses, and worms are activated when you open an attachment or click a link contained in an email message. If your email client allows scripting, then it is possible to get a virus by simply opening a message.

Is it better to block spam or just delete it? ›

If you receive any unwanted email, the best approach in almost every case is to delete it immediately. It is often clear from the Subject line that a message is junk, so you may not even need to open the message to read it.

Is it better to block or report phishing emails? ›

If you got a phishing email or text message, report it. The information you give helps fight scammers.

What happens if you unsubscribe from a phishing email? ›

Most spammers have no idea if your email address is a valid one. They're just sending emails and hoping someone will fall for them. But when you hit that seemingly legit unsubscribe button, they get confirmation your email address is active. And they proceed to bombard it with even more messages every day.

What are the red flags to look for in a phishing mail? ›

Phishing emails often contain very generic greetings or even no greeting at all. Common generic greetings include “dear customer,” “dear account holder,” “dear user,” “dear sir/madam,” or “dear valued member.” If an email from an apparent trusted source does not address you directly by name, that could be a red flag.

What are the identifiable red flags in a phishing email? ›

Incorrect (but maybe similar) sender email addresses. Links that don't go to official websites. Spelling or grammar errors, beyond the odd typo, that a legitimate organization wouldn't miss.

Should I reset my iPhone if I clicked on phishing link? ›

You mustn't reconnect the original device to the internet to avoid any malware spreading. Change Passwords: Hackers can access your credentials via phishing links, so if you think you clicked on one, changing your online passwords, particularly to things like bank accounts, is essential to avoid further damage.

How do I check my phone for malware? ›

The best way to check for malware on your phone is to use a mobile security app like free AVG Antivirus for Android. Run a scan. After installing AVG Antivirus, open the app and run an antivirus scan to find malware hidden in your device's system.

How do I know if my phone has malware? ›

10 signs a mobile device has been infected with malware
  1. Slow performance. ...
  2. Random reboots. ...
  3. Strange text messages. ...
  4. Overheating. ...
  5. Unusually high data usage. ...
  6. Unfamiliar apps in the device app list. ...
  7. Battery draining fast. ...
  8. Taking a long time to shut down.
Nov 1, 2022

What is a common indicator of a phishing attempt Cyber Awareness 2023? ›

Common indicators of email phishing include: Emails urging recipients to act on an unusual sense of urgency. Potentially malicious links within an email. Unusual spelling and grammatical errors in emails.

How do I remove a virus from my email? ›

Learn five measures you can take to when cleaning up a massive email virus infection
  1. Stop the flow of SMTP traffic.
  2. Keep users out of Exchange.
  3. Freeze your message queues.
  4. Locate and remove infected messages.
  5. Return Exchange to a functional state.

Do I need a virus cleaner for my phone? ›

Do Android phones need antivirus? While Android has built-in security features that help to protect against malware and other security threats, it may still be a good idea for users to install a reputable Android antivirus app on their device.

What happens if you leave a virus on your phone? ›

Excessive data usage: Undetected viruses running in the background of your phone may significantly increase data usage. Unauthorized charges: Some forms of trojans may drive up your phone bill with in-app purchases and text charges to premium accounts which hackers can then collect on.

Do viruses on phones go away? ›

You can clean your Android phone of viruses and malware by deleting malicious software in safe mode, clearing the cache, or performing a factory reset. While there are no true computer viruses that can infect your Android phone, there's plenty of other malware.

Can you tell if your phone is being monitored? ›

Go to Settings – Applications – Manage Applications or Running Services, and you may be able to spot suspicious looking files. Good spy programs usually disguise the file names so that they don't stand out but sometimes they may contain terms like spy, monitor, stealth, and so on.

Can hackers see you through your phone camera? ›

Can hackers watch through your camera? If a hacker installs spyware on your phone then there is a good chance they will be able to access your camera and turn it on/off as they please. They may also be able to access any photos or videos you have previously taken.

Can you remove a hacker from your phone? ›

Yes, you should be able to remove a hacker by doing a factory reset on your phone. Keep in mind that this solution will remove all of your data, including contacts, third-party apps, photos, and other files. You will need to set up your phone entirely from scratch.

Can someone hack into your phone and see what you do? ›

Hackers are always eager to infect your device with malware and trojans. By installing keyloggers on your phone, a cybercriminal can monitor your activity and secretly view your login data for websites and apps.

What do I dial to see if my phone has been hacked? ›

Every phone has a unique Media Access Control address, commonly known as the MAC address, which helps identify it when connected to a network. If you suspect you've been hacked, dialing *#*#232338#*#* and comparing the MAC address with your network can help you find out.

Can someone hack into my phone and see my messages? ›

By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person's location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier.

Does Ymail still exist 2023? ›

Some older email addresses used, and still opens Yahoo Mail, but the company has moved away from the branding. Now, it's all about Yahoo Mail, and if you set up a new email account with Yahoo, you'll get an email address.

Is Yahoo replacing the classic version of email? ›

Starting the week of June 3rd, tomorrow, Yahoo is discontinuing Mail Classic. It's requiring all Mail users to switch to the new version of Mail and accept a TOS/Privacy Policy update that lets it scan emails to “deliver product features, relevant advertising, and abuse protection”.

Will Yahoo email expire? ›

Yahoo Mail keeps your mailbox active as long as you use it, but after 12 months of inactivity or more, the content will be deleted and can't be restored. Access + Forwarding - Sign up for Access + Forwarding, and never worry about signing in to keep your account active again.

What happens when you upgrade Yahoo Mail? ›

It removes distractions and gives you greater control of your inbox with an ad-free email experience, premium customization options and enhanced security features. You can upgrade to Yahoo Mail Plus on iOS, Android, mobile web and desktop. Upgrade to Yahoo Mail Plus now!

Which is more secure Yahoo Mail or Gmail? ›

Google has a better track record of security with Yahoo having one of the largest data breaches back in 2016 on 500 million accounts. Plus, Gmail does a better job of forcing you into using stronger passwords, setting up two-step authentication, and has a session expiry to prevent you from getting hacked.

What do Yahoo email addresses end with? ›

While Yahoo accounts can end in "" or "", some older accounts may have a different extension depending on the location where they were created.

How do I upgrade to the latest version of Yahoo Mail? ›

Update Yahoo apps on Android devices
  1. Open the Google Play Store app .
  2. Tap the Menu icon . - A sidebar menu appears.
  3. Tap My apps & games.
  4. Next to the Yahoo app, tap Update.

How do I switch to the newest version of Yahoo Mail? ›

To go back to the full featured version of Yahoo Mail (as long as the minimum requirements are met), click the “Switch to the newest Yahoo Mail” link in the upper-right corner of the Basic Mail screen. The selected version will be used when you sign in to your Yahoo Mail account in any browser on any computer.

How do I know if my Yahoo email is valid? ›

Go to Yahoo's account recovery page at, enter the email address that you are checking for validity and click the Next button. Yahoo will say We couldn't match the Yahoo ID you entered with information in our database if the email address does not exist.

What happened to my Yahoo email? ›

To see if your Yahoo Mail account has been deleted: Go to the Yahoo account recovery page. In the Email address or phone number field, enter your Yahoo email address, then select Continue. If your account was permanently deleted, you see the message, Sorry, we don't recognize that email address or phone number.

How much does Yahoo email upgrade cost? ›

($5 per month)

What happens if I uninstall Yahoo Mail? ›

You'll lose access to all of your data and content like your emails, email folders, calendars, Yahoo Fantasy teams and Yahoo Finance portfolios.

What does clean your inbox do in Yahoo Mail? ›

When you connect Clean Email to Yahoo clean your inbox, the application will automatically sort your emails into bundles. One bundle will contain unread emails, another bundle will contain junk and spam emails, and so on.


1. Yahoo Fix Sorry we don't recognise this email address Problem Solve in Yahoo App
(Extra Fix )
2. How To Really Stop Getting Spam Email
3. Fix Yahoo Can't Recognize My Email Error | Yahoo Login Problem 2021
(App Guide)
4. Yahoo Mail not sending or receiving mails
5. Partnering with a 4th Generation Coffee Farmer | VLOG
(Roots and Refuge Farm)
6. Can’t Log In to Yahoo? Fixed- Yahoo Mail Login Problem | Yahoo Mail isn't Responding


Top Articles
Latest Posts
Article information

Author: Rueben Jacobs

Last Updated: 22/09/2023

Views: 5539

Rating: 4.7 / 5 (77 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Rueben Jacobs

Birthday: 1999-03-14

Address: 951 Caterina Walk, Schambergerside, CA 67667-0896

Phone: +6881806848632

Job: Internal Education Planner

Hobby: Candle making, Cabaret, Poi, Gambling, Rock climbing, Wood carving, Computer programming

Introduction: My name is Rueben Jacobs, I am a cooperative, beautiful, kind, comfortable, glamorous, open, magnificent person who loves writing and wants to share my knowledge and understanding with you.