I received an email from Yahoo, informing me that I have to update my information. Is this actually from Yahoo?
Here is the email:
You were correct to be suspicious. It’s a fake. You’re the target of a phishing scam, in which a bad guy was hoping to trick you out of your name and password.
I get questions like yours often, so I checked with Yahoo (easy, since I work there) to see if the company ever sends out account-problem emails.
The answer is sometimes. If your account is attacked or compromised, Yahoo will lock it first and you’ll get a “You need to change your password” screen when you try to log in to Yahoo. If you’ve supplied Yahoo your cellphone number, you’ll also get a text message telling you what’s going on.
But guess what? I didn’t need to ask Yahoo to find out if your email was a fake. All kinds of things give away that this was not a real message from Yahoo:
• The presence of the old Yahoo logo instead of the new one.
• The goofy capitalization, spacing, and hyphenation (“Please Re-Activate your Account Now”).
• The run-on sentence (“Your e-mail account has exceeded its limit and needs to be verified and updated, If not verified within 12 hours, we shall suspend your account.”).
• The missing punctuation at the end (“Thank you”).
• The generally amateurish look of the whole thing.
• The fact that when you point to the “Re-Activate” link without clicking, the pop-up bubble shows you what website will actually open, as you can see here. And guess what? It’s not Yahoo!
But never mind all that. There’s a very simple way to make sure that you’re never taken in by a phishing scam.
If you ever get an email reporting a “problem with your account,” don’t click the link in the email message. Instead, open your Web browser and go to the website in question (Yahoo, in this case) by typing the Web address (carefully!). Log in as usual. If there really is some kind of problem, the website will let you know about it.
You can email David Pogue here.