Want to know why it’s an obvious phishing attempt? Let us count the ways:
- When you see From: Yahoo Search Marketing Events [workshops-ysm@yahoo-inc.com], you expect to see a message from Yahoo. But a check of the message header reveals the sending server as mail.effectek.com. Hmmm. From Yahoo, but not a Yahoo server…
- No mention of effectek in the pitch, just Yahoo! Yahoo! Yahoo! The response trigger hidden in the HTML-formatted message actually links to regonline.com, instead of Yahoo.
- Attempts to reach www.effectek.com result in “The page cannot be displayed.” In addition, Whois confirms effectek.com’s website status as “not active.” A Yahoo partner with an unplugged website? Unlikely.
- Whois returns the registrant as RegOnline of Boulder, CO and the administrative contact as Attila Safari. C’mon. Attila Safari?
- Googling “Attila Safari” turns up a one-shot, self-congratulatory post at effectek.blogspot.com in June, blabbing about Regonline’s integrity. Puh-leeze. Firms with integrity are rarely compelled to shove it in your face.
- WaybackMachine indicates that effectek.com was active until very recently…
None of the above items is compelling by itself. But taken together, they add up to a pretty solid hill of circumstantial evidence.
There’s just one problem. It’s not true. A search of Yahoo Marketing’s site turns up an event page with identical embedded links. Thus, the effectek letter is real.
Unfortunately (for Yahoo), much of the intended audience will never see it. In today’s phish-wary climate, suspicious messages are often simply dropped. And as phishy-looking letters go, this one’s a doozy.
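The first two checks in the list (From domain versus sending server, and From domain versus link targets) can be automated, which is roughly what a filter does before dropping a message. The sketch below is an added example, not part of the original post; the sample message is constructed from the details above, and the IP address, receiving host, date, subject, link text and URL path in it are made up. Both signals fire on a message that turned out to be genuine, so they are scoring inputs rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message described in the post; the IP,
# receiving host, date, subject, link text and URL path are invented.
SAMPLE = """\
Received: from mail.effectek.com (mail.effectek.com [192.0.2.10])
\tby mx.example.net; Mon, 26 Sep 2005 10:00:00 -0700
From: Yahoo Search Marketing Events <workshops-ysm@yahoo-inc.com>
Subject: Workshop invitation
Content-Type: text/html

<html><body><a href="http://www.regonline.com/register">Register now</a></body></html>
"""

def base_domain(host):
    # Naive assumption: last two labels. Real code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            host = urlparse(href).hostname
            if host:
                self.hosts.append(host)

def phish_signals(raw):
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    signals = []
    # First Received header = hop recorded by the receiving server (newest on top).
    m = re.match(r"\s*from\s+(\S+)", msg.get("Received", ""))
    if m and base_domain(m.group(1)) != sender:
        signals.append(("sending-server-mismatch", base_domain(m.group(1))))
    parser = LinkHosts()
    # Assumes a single-part HTML body, as in the sample.
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for host in parser.hosts:
        if base_domain(host) != sender:
            signals.append(("link-domain-mismatch", base_domain(host)))
    return sender, signals
```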
Oh. Apologies to Attila Safari. That was totally uncalled for.
Update: As Email Battles went to press, PC World dropped Yahoo Users Get Phished, by Jeremy Kirk. It seems folks were getting messages from… friends… with links to Yahoo Photos. Of course, when they clicked, the hidden links dumped them on phishing site(s) at Yahoo Geocities, which accepted their IDs and passwords before sending them on to Yahoo Photos. The routine was improbably slick to detect.

4 comments
September 26th, 2005 at 3:11 pm
freddy
Today, email recipients need to scrutinize every single message before acting to make sure that they aren’t getting conned. Big emailers like Yahoo need to do everything they can to make it easier for end users (both techie and lay) to separate the real from the fake.
Yahoo’s marketing dept must be almost criminally stupid to send out a message this phishy.
September 26th, 2005 at 11:28 pm
Glen
Go GMail
September 27th, 2005 at 12:21 am
Spammer
Just disgusting!
September 27th, 2005 at 8:23 am
Millhouse
A fine example of life being stranger than fiction.