Yahoo! Marketing users are the target of a new phishing scam being detected today by zveloLABS™. Webmasters receive a very believable notification that their Yahoo Marketing account has expired with a link to login and presumably reactivate the account.
If the user follows the link, they’re presented with an authentic looking login page where the phishing attack takes place. The username and password entered here are delivered to the attackers for further exploitation. With these credentials, criminals can hijack paid advertisements, replacing legitimate ads with their own malicious links or code.
The “hook” in this scam is a classic warning of impending account closure. The domain being used to serve the phishing attack was registered only today, but has an authentic ring to it. The URLs also use a marketingsolutions.yahoo subdomain to make the URL seem more authentic.