How this works
So a Yahoo or AOL e-mail account owner who has never changed their password, and a hacker gains access to it (Most likely from a password list bought on the Dark Web). The hacker then send a personalized e-mail to everyone in the compromised account owner's Address Book with a link to either collect credentials or launch malware. The sad thing is some people have been getting these phishing e-mails from people close to them who have passed away. Other's are getting e-mails from friends and relatives that seem legitimate and so the recipient innocently clicks on the link seeing that the e-mail is from someone they know.
Security Tip
Ask yourself these questions when you receive an e-mail:
- Do I know the sender? (hover your cursor on the display name or click the display name to see the real e-mail address)
- Am I expecting this e-mail or any web links/attachments from this sender?
If you know the sender, pick up the phone and verify that they sent you the e-mail and any attachments or web links. Don't reply to the sender's e-mail as the hacker has control over the e-mail account.
In 2018, the number of malicious web links (URLs) sent by cyber criminals was more than twice as many as malicious attachments sent.
Think before you click!
In addition, if you have a Yahoo or AOL e-mail address and haven't changed your password in the last year,,,,CHANGE YOUR PASSWORD NOW!
Be Secure!
@TJMProfessional
