
Cyren Security Blog

Yahoo phishing hides in compromised WordPress websites

Yahoo users have been targeted in a phishing attack that starts with an “avoid account deactivation” email. Mousing over the link shows the non-Yahoo link – an easy way to know that something is amiss.

The phishing pages are very authentic looking. Once users have entered their login details (which are collected by the phisher), they are redirected to Yahoo Mail.

A large number of compromised sites have been used to hide the phishing pages – all the samples collected by Commtouch Labs were based on WordPress. In such cases the phishers seek out a particular plugin with a known vulnerability that can be repeatedly exploited on many sites. In the example below a Romanian photographer’s website continues to function normally while the phishing page is hidden in the blog section.
