Malicious e-mail from Yahoo! breach.

I’ve received the first malicious e-mail as a result of a compromised Yahoo! e-mail account. I’ve warned the individual and hopefully he still has control of the account and can secure it again.

It’s a typical “phishing” e-mail, which attempts to get you to carry out some action (e.g. open an attachment or click on a link) that will then lead to an attempt to compromise your computer. Google’s spam filters picked it up, so I was nice and safe. It is quite likely that this e-mail account was compromised as a result of the Yahoo! data breach back in 2013. Yahoo! have admitted that details of every single e-mail account they had were leaked to evildoers.

These details included weakly protected passwords, so it is likely that the bad guys have accessed this individual’s account and downloaded his contacts. Here is the malicious e-mail in question; I’ve redacted the name portion of the e-mail address to protect the individual:

[Screenshot: the malicious e-mail]

  • So the Subject of the e-mail is “Statement from <compromised e-mail address>”.
  • The individual’s e-mail address is buried in the “From” address of the e-mail.
  • The last line of the e-mail is also the name part of the e-mail address.
  • However, this malicious e-mail did not actually come from that person’s Yahoo! account, but rather from the “rimports.hostpilot.com” domain that Google picked up on. This e-mail originated in the Philippines.
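The indicators in the list above (a From address that doesn’t match the domain the mail actually came from, a Subject line that repeats the sender’s own address) can be checked mechanically from the message headers, which is essentially what Google’s filter did here. The following is an added example, not code from the post: it runs the checks over a constructed message whose addresses, host names, IP and timestamps are all made up, and over a constructed clean message for comparison.

```python
"""Flag e-mails whose visible From: address does not match the infrastructure
that actually delivered them, plus the 'Subject repeats the sender' trick.
All sample headers below are constructed for this example."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: From: claims a Yahoo! sender, but the mail was handed over
# by an unrelated host and fails SPF, with no DKIM signature at all.
SUSPECT_MESSAGE = """\
Return-Path: <bounce@mail.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.10])
        by mx.example.org with ESMTPS id abc123
        for <you@example.org>; Fri, 23 Dec 2016 10:11:12 +0000
Authentication-Results: mx.example.org;
        spf=fail smtp.mailfrom=mail.example.net;
        dkim=none header.d=none
From: Redacted Name <redacted.name@yahoo.com>
To: you@example.org
Subject: Statement from redacted.name@yahoo.com

Please see your statement: http://[redacted]/statement
Redacted Name
"""

# Constructed sample of what a genuine message from the same sender would look like.
CLEAN_MESSAGE = """\
Return-Path: <redacted.name@yahoo.com>
Authentication-Results: mx.example.org;
        spf=pass smtp.mailfrom=yahoo.com;
        dkim=pass header.d=yahoo.com;
        dmarc=pass header.from=yahoo.com
From: Redacted Name <redacted.name@yahoo.com>
To: you@example.org
Subject: Catching up

Hi, long time no see.
"""


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address header, or '' if none."""
    _, addr = parseaddr(str(address or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_results(header: str) -> dict:
    """Pull method=result pairs (spf, dkim, dmarc) out of an Authentication-Results header."""
    results = {}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(header or ""), re.I):
        results[method.lower()] = result.lower()
    return results


def spoofing_indicators(raw_message: str) -> list:
    """Return a list of human-readable findings; an empty list means nothing looked off."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. The address shown to the reader vs. the envelope sender the MTA saw.
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])
    if return_path_domain and return_path_domain != from_domain:
        findings.append(
            f"From domain {from_domain!r} differs from Return-Path domain {return_path_domain!r}"
        )

    # 2. Did the receiving server's SPF/DKIM/DMARC checks pass?
    auth = auth_results(msg["Authentication-Results"])
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method, "missing") != "pass":
            findings.append(f"{method} did not pass ({auth.get(method, 'missing')})")

    # 3. The post's Subject line trick: "Statement from <sender's own address>".
    _, from_addr = parseaddr(str(msg["From"] or ""))
    if from_addr and from_addr.lower() in str(msg["Subject"] or "").lower():
        findings.append("Subject line repeats the sender's own address")

    return findings


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(f"{label}: {spoofing_indicators(raw) or ['no indicators']}")
```

Return-Path is whatever the last receiving server wrote, so this only tells you something when you are reading headers on your own mail server or in the raw message your provider shows you; the display name and From address alone are exactly the part the sender controls.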

The use of the address is all an attempt to make it look like this e-mail is from somebody you know and perhaps trust, so that you may be inclined to click on the link, as in this case. I’ve also redacted a part of the link in case any of my curious readers attempt to go to that address. I don’t want you to compromise yourselves.

Even without Google’s spam filters, I would have been suspicious of this e-mail, as I had only ever exchanged 2 e-mails with him, 3 years ago. So I would have abided by Commandment 5: I was not expecting that e-mail from that individual, so I certainly wouldn’t have clicked on the link.

So please watch out for any unusual e-mails that come to you from people with Yahoo! e-mail addresses.

Let’s be careful out there.