Fake Yahoo "Award" Message Scam,
From The Search Engine Report
Jan. 9, 1998
First, a few Yahoo users were told they'd been exposed to a virus. Then, someone pretending to work for Yahoo tricked some users out of their credit card details.
On Dec. 8, some people saw a virus-warning message left behind in the Yahoo site by hackers. The message said anyone who had visited the site within the last month was infected with a virus that would activate on Christmas Day. Yahoo says there is no such virus, and that the threat is a hoax.
Next, on Dec. 12, someone took advantage of Yahoo's free email service to dupe people into sending them credit card details.
An official sounding message was sent out to an unknown number of people telling them they had won a free 56K modem. To collect their "prize," they were told to send a credit card number to cover a $5 shipping fee.
Yahoo estimates less than 100 people were tricked this way. It is trying to contact all victims and is investigating the crime.
The key to the scam's success was the use of the official sounding "firstname.lastname@example.org" email address.
Anyone can open a free Yahoo email account with fake personal details. This provides them with an address that ends with @yahoo.com, which until the new service began, was a format only available to Yahoo staff. Yahoo chose to make the address widely available to reinforce its brand.
After the new service began, Yahoo corporate addresses changed to a @yahoo-inc.com format. However, many people don't realize this. Thus, it was only a matter of time before someone took advantage of the confusion to pretend they were from Yahoo.
In this scam, a different email account was used to send the message, and the Yahoo address was used to receive messages.
Anyone who receives suspicious email that appears to be from Yahoo is asked to forward the message to email@example.com. The service also provides these tips to avoid fraud. Look out for:
+ Someone asking for confidential information such as credit card numbers, bank account information or passwords
+ Someone you have never met claiming to be a representative of an online service or any other company
+ Someone notifying you that you have won a prize or a contest that you did not enter
Yahoo: Con Artists Collecting Credit Card Info
PC World, Dec. 12, 1997
Yahoo recovers from scam, hack
News.com, Dec. 12, 1997
Scammers Use Yahoo Again
Wired, Dec. 12, 1997
Yahoo suffers short hack attack