Good Sam Community

Constantly getting this garbage...

Standard Phishing technique.

Companies NEVER send out blanket statement emails telling you that you need to "verify your account details", "update your password", etc.

As much as we tell people not to fall for these scams, as much as you see these issues reported on the news, PEOPLE STILL FALL FOR THEM.

RetiredRealtorRick wrote:
. . . and just looking at it, I see the 'E' of expire and the 'S' in support are both capitalized. The mark of a scam for sure. Organizations the caliber of Yahoo! would let something like that slip by them prior to sending out an email.

Slow down a second...if you've read many Yahoo articles, I wouldn't put it past Yahoo to let spelling errors thru. They often use the comments section to edit articles.

But this is still definetly a phishing email.

You did right by checking the email address. Always do that of a suspicious email.

I sometimes get emails of that type. And sometimes with an actual personal contact’s name as sender. But clicking on the email address invariably shows some address different than what initially shows. Standard spam phishing technique.

It's a scam

If you get something like that or any of a thousand others that even have the slighest aroma of "Possible scam" do not click on any links

Go to the claimed source via bookmark or manual typing of known URL

IE. yahoo.com or mail.yahoo.com
And go then do it from there

What happens is and I'll give you an example

NOTE this link IS safe,, but it's a lie
YourMail.com

it appears to link to the fictional your mail web site (I coudl put anything I liked in there

It links... to this thread

Good thing you caught that and was suspicious

Your self created password does not expire !!

Only temporary login passwords sent to you from the website do this, and they are only sent , After you verify who you are, because you forgot your password

I get phishing emails and texts every week, supposedly from banks to fix some error, I DON'T have any accounts with those banks,
The scammers buy email addresses list, and then send out their phishing attempts,
Use an auto text program pick and area code and send out scam texts to All possible phone numbers ,
With 7 numbers after the area code that about a million phone numbers, even just one exchange prefix the last 4 numbers provide a chance to send out thousands of scam texts
Or robot calls

Why would your password suddenly be about to expire?
Pretty much the answer right there.
Glad you caught it and did nothing with it.

It is a typical phishing scam to get your email account info. At least you were vigilant to check the sender's email address. Though many fall for this.

Why it can be of concern is that many use a single email account for all accounts including financial or biz accounts. If compromised, a scammer may look at your emails for financial related accounts. Then submit a forgot login to the website. The reset login would typically be sent to that email address, allowing a hacker to change the login and access your other accounts. This is a compelling reason to use two-factor authentication for account access or any changes. Most financial sites already require this.

It's a better practice to never click links in an email, and go directly to the website itself. One trick a hacker may try is to inject malware in vulnerable systems by directing you to their compromised site first in email links, before redirecting you to the actual website. Best to just go to the website itself, and get rid of the middle man (aka MiM).

Thanks folks, confirming my suspicions.

. . . and just looking at it, I see the 'E' of expire and the 'S' in support are both capitalized. The mark of a scam for sure. Organizations the caliber of Yahoo! would let something like that slip by them prior to sending out an email.

Never click on email links. Just use your normal way to get to Yahoo and then click on change password and change it. That way if it needed to be changed you are safe. If it didn't need to be changed; no harm done.

Standard Phishing technique.

It's easy to create an email that looks legitimate. If you click on the link, it will likely ask for your user info including password...then they have access to your account.

Unless you just requested something (ie: you just ordered an air compressor on amazon and you recieved an email 5 min later from amazon saying here is the info for your air compressor purchase), generally don't click on email links.
- Preferably go to the website directly from your normal method (not the email link) and from there see if they are asking for the same info.
- If you really feel the need to click on the link, check the email address (not the name associated which is easy to fake...in the above example it shows "yahoo" but the email has no reference to "yahoo" ). It should reference the website (be careful of endings other than ".com". The above example is ".kr" implying Korea, though that could be faked also and other country codes are often used when the ".com" site is already taken by the legitimate site.).