Hackers spoof Yahoo email addresses in new dating scam

Published August 2, 2012 2:45pm

Hackers are spoofing Yahoo email addresses in what appears to be a new dating scam, a security vendor warned on Thursday.

Sophos said its spam traps yielded several emails bearing Yahoo addresses that sought to start a relationship with the recipient.

"The hackers have most likely harvested the images from social networking sites and other websites in an attempt to add a little color to a rather common-or-garden dating scam. ... They are also spoofing Yahoo email addresses in an attempt to add legitimacy to the messages," it said in a blog post.

It said many of the messages had headers that "appear like normal Yahoo emails" but whose Reply-To fields do not point back to Yahoo.

One such email had its Reply-To field set to an address with a @fastmail.fm domain.

Sophos said such emails may be the first stage in an elaborate scheme to trick the recipient into handing over personally identifiable information for identity theft.

It may also be meant to trick recipients into wiring the supposedly "nubile young female" email sender some money.

Also, it cited the danger the email may aim to recruit the recipient into a money laundering operation. "Can you transfer some money for me from A to B?"

"Don't be fooled into thinking that romance scams like this aren't much of a threat. In 2011 it was estimated that scams like this cost US victims $50 million, and such scams have even driven their victims to suicide in the past," Sophos warned.

It advised recipients to adopt the motto "If it looks too good to be true it probably is!" — TJD, GMA News

Tags: yahoo, dating, email, webmail