I dunno if this is legit or not, but I recently bumped into a note from someone claiming that there’s a secret email address at Yahoo.com that lets you sneak into a backdoor and recover any account password for any account on Yahoo. The address was “[[ omitted ]]@yahoo.com” and it sounds too good to be true. Is it?
Oh yeah, it’s far too good to be true. It’s actually a smart, sneaky social engineering hack: what the scammers are really going to obtain is your account and your password, which they’ll promptly change.
Here’s a typical message from one of these phishers:
“I got my Yahoo Id hacked and I am not able to use it anymore. I called up yahoo customer care and they r asking me the answer to my secret question which I dont remember now as it was 5 or 6 years ago. I tried one of the tricks on my account just for fun..”
Seems legit, doesn’t it? I’ve also seen these from Gmail and Hotmail too, by the way, so just about any service with a password and lots of potentially naive, trusting users can be a target for these sneaky tricks.
Here are the steps recommended by the phisher:
- Log in to your own yahoo account. Note: Your account must be at least 30 days old for this to work.
- Once you have logged into your own account, compose an e-mail to:
  [[ omitted ]]@yahoo.com
  This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have ‘forgotten’, after receiving the information you send them.
- In the subject line type exactly: password retrieve.
- On the first line of your mail write the email address of the person you want to hacking.
- On the second line type in the e-mail address you are using.
There are sometimes additional steps requested, but that’s the gist of the message, and as you can see, it really boils down to “send us your account name and password”, which is clearly not a good idea!
Let me be clear in case you’re still unsure what I’m saying here: this is a scam, there are no secret email addresses at any of these services that can recover your password, and you should never, ever email your account password to anyone, even if they assure you that they are a part of the corporation!
Follow-up note: Some people have told me that they saw this article, skimmed it, saw the email address shown above, and followed the procedures without actually reading that it’s a scam. Please do not do that!! The reason I show a real address is so that if people Google that address they’ll find this article that warns them about the scam, not because I am at all involved in this nefarious social engineering scheme.
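For mail administrators, the fixed layout the scam dictates (the exact subject line, then two e-mail addresses on the first two lines of the body) can be matched on outbound mail before it leaves. The sketch below is an added example, not part of the original article: the addresses, sample messages and function names are constructed, and the position of the credential line is an assumption based on the article's summary that victims end up sending their password.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ADDR = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")
LURE_SUBJECT = "password retrieve"  # subject the scam steps dictate

def scam_indicators(raw):
    """Return which traits of the scam's message layout an outbound mail shows."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    subject = " ".join(str(msg.get("Subject", "")).lower().split()).rstrip(".")
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hits = []
    if subject == LURE_SUBJECT:
        hits.append("lure-subject")
    if len(lines) >= 2 and all(ADDR.fullmatch(ln) for ln in lines[:2]):
        hits.append("two-address-body")
        if lines[1].lower() == sender:
            hits.append("own-address-on-line-2")
        # Assumed position: a single token right after the two addresses
        # is treated as a possible password.
        if len(lines) >= 3 and " " not in lines[2] and not ADDR.fullmatch(lines[2]):
            hits.append("possible-credential-line")
    return hits

def should_hold(raw):
    """Hold on the lure subject, or on the body layout even if the subject was changed."""
    hits = set(scam_indicators(raw))
    return "lure-subject" in hits or {"two-address-body", "own-address-on-line-2"} <= hits

def make(sender, subject, body):
    # Builds a constructed sample message; the recipient is a placeholder.
    return f"From: {sender}\nTo: placeholder@example.com\nSubject: {subject}\n\n{body}\n"

SCAM = make("victim@example.com", "Password Retrieve",
            "target@example.com\nvictim@example.com\nconstructed-secret")
VARIANT = make("victim@example.com", "help please",
               "target@example.com\nvictim@example.com")
BENIGN = make("alice@example.com", "Lunch on Friday?",
              "Hi Bob,\nAre you free at noon?")

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("variant", VARIANT), ("benign", BENIGN)):
        print(name, should_hold(raw), scam_indicators(raw))
```

Holding a matched message for review and showing the sender a warning is a safer response than silently dropping it, since the match rests on layout alone.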