I post at SearchCommander.com now, and this post was published 15 years 4 months 5 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.
In light of recent news about Microsoft and Yahoo search, I almost fell for this bogus e-mail, which is a phishing expedition for usernames and passwords.
The fact that I’ve been advertising an affiliate offer heavily in Yahoo Sponsored Search over the past three weeks, and the fact that I just read about a new user interface coming soon, put Yahoo it in the forefront of my mind.
I was only at the last second that I caught a glimmer of potential fraud – and sure enough, it’s a scam.Β Note the domain name is NOT Yahoo, but that won’t show up in the .html version of the email.
Dear Advertiser,
We just want to remind you that, on August 25, 2009, your Local Sponsored Search account will be discontinued. You will be upgraded to a new Sponsored Search account with geo-targeting and other great new features.
Please note the following: In order for us to upgrade your account you need to verify your user/password of your account. Please remember to input your Sponsored Search user and password correctly NOT your email and password.
Please visit the following link to verify your account:
http://marketingsolutions-yahoo.com/adui/signin/loadSignin.htmSincerely,
Your Partners at Yahoo! Search Marketing Copyright 2009 Yahoo!, Inc. All rights reserved.
Had I been just a few seconds slower on the uptake, I probably would have found myself with dozens or hundreds of ad campaigns for someone elses domains, and maxed out credit cards. Yikes!
I looked up the domain name justΒ to be sure…
Any time your credit card or finances are even remotely involved, never, ever, should you click on a link in an email where you are being asked to verify your username and password for ANYTHING.
If in doubt, always manually type in the domain name of the real merchant or go to your bookmark / favorite to see if a request is legit.
Hello Scott,
As a general rule, I look for grammatical and spelling mistakes in any suspicious email. Spammers are notoriously poor at the English language. The example you provided looks pretty good, which leads me to believe that some of the spammers/phishers are getting better at their nefarious game. Thanks for the heads-up.
Best,
Dan
In this particular case, the fact that it was a dash before the “yahoo.com” part of the main, rather than a dot should have been a sign, too. That’s not a Yahoo subdomain, that’s a totally unrelated domain that happens to have the word “yahoo” in it.