Posted September 21, 2007 12:10 pm by with 10 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

Well, I guess it was just a matter of time, but today I got my first phishing scam disguised as a Yahoo! Search Marketing customer email:

Yahoo! Phishing Scam Example

Very clever, oh devious ones! What are some of the tell-tale signs that this message is NOT from Yahoo!? Here’s what to check for:

  • No “To” Address. Always be suspicious if you do not see your email address or name in the “To” field of an email header. Yahoo! Search Marketing obviously has your email address on file if you are an advertiser.
  • Title Doesn’t Match the Copy. The headline of this email tells me to renew my account, but the body of the email discusses signing up for SMS account alerts that will come to my mobile phone.
  • Link is not to Always a dead giveaway of phishing scams, rolling over the “Click here to activate ‘instant sms alert’.” link shows that the destination link is, not
  • Doesn’t Address Me by Name or by “Advertiser”. Every email I’ve ever received from Yahoo! Search Marketing has addressed me generically as “advertiser”, but never “member”. Yahoo! is not a membership program.
  • Incorrect Yahoo! Branding in the “From” Address. You will NEVER catch Yahoo! referring to itself as Yahoo (without the exclamation point). That is incorrect branding.

There are many other generic, common phishing tactics that may appear in similar emails you may receive supposedly from Yahoo! Search Marketing. Luckily, we’re all too smart to fall for these phishing tactics! Search marketers, keep an eye out for these phisihing emails. Take that, bad guys!

  • shaddy spammers strike again…

  • Everyday i receive like this phishing scam emails.
    Why people don`t simply be honest.

  • Great tips Janet!

  • About once a week I get a phishing email pretending to be Paypal.

    Thanks God, I had read about it before and was not duped.


  • I had one of my alias email address phished. Luckily it was detected right away and dealt with. Has anyone heard of such a thing? I was under the impression that phishing could only be done with direct email addresses that were not forwarded from a website. All opinions are appreciated. Thanks, Deb

  • Thank you so much for posting these tips. I’ve already gotten 3 of these things and literally hundreds from Paypal.

  • That must be just a coincidence, but the feature of SMS text alerts was sort of brought up at a Yahoo Search Marketing workshop this week. I’d hate to think someone spawned this idea from a helpful seminar like the one I attended.

  • Pingback: HELM, WHM/cPanel, Windows, Linux and SEO Blog » Blog Archive » SearchCap: The Day In Search, September 21, 2007()

  • I’ve noticed a few of these turning up in my yahoo mail as well – hadn’t realised the other “triggers” though – nice tips.

  • Well the most secure site to go on to login to yahoo is So as long as you go there you should be fine.