Yahoo mail Hammered by Congress for its Inefficiency in Preventing Phishing Attempts
Symantec’s newest threat report claims that email phishing scams have substantially declined in the last three years but incidences where crypto-ransomware was used to encrypt data and demand payment in exchange to unlock it has increased by 35% just in 2015. This means, instead of phish attacks, we must now fear our data being stolen by malicious actors and then having to pay a hefty sum of cash or digital currency to get the unlocking key so that we become able to access the information.It’s time for Yahoo to upgrade its security to highest level before it’s too late
Isn’t it ironic that we need to pay for retrieving the data that was stored by us and belonged to us as well in the first place? Because this is how crypto-ransomware works. It basically conducts the attack by tricking users into accessing compromised websites or opening files that contain malware and as soon as the computer gets infected the contents of their computer get encrypted and locked. The user cannot access anything on his or her computer unless the hacker sends the unlocking code/key, which is done after paying the asked ransom.
It is true that popular email service providers such as Yahoo and Gmail are always trying to filter out phish scams especially those involving ransomware but still some scammers manage to evade their implemented security measures. However, Gizmodo reports that an email was received by the staffers at the House of Representatives regarding the increasing rate of ransomware on Yahoo Mail and Gmail. The contents of this particular email are as follows:
In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third party, web-based mail applications such as YahooMail, Gmail, etc. The attacks are focused on putting “ransomware” on users’ computers. When a user clicks on the link in the attack e-mail, the malware encrypts all files on that computer, including shared files, making them unusable until a “ransom” is paid. The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders. The primary focus appears to be through YahooMail at this time.
The House Information Security Office is taking a number of steps to address this specific attack. As part of that effort, we will be blocking access to YahooMail on the House Network until further notice. We are making every effort to put other mitigating protections in place so that we can restore full access as soon as possible.
Please do your part to help us address this recent attack and protect the House Network going forward by following proper cyber practices at all times. Phishing e-mails can look very legitimate and appear to come from known senders. Be very careful about clicking on attachments or links in e-mails, particularly when you are using non-House e-mail systems.
On-Demand passwords and e2e encryption source code Launched by Yahoo
Hackers Target Users with ‘Yahoo Account Confirmation’ Phishing Email
So, Yahoo Mail was thrashed badly by the congress and in response, the email service provider firm has issued a statement stating that it is “collaborating closely with House IT staff to ensure that they have the right solutions in place to best protect their accounts.”Gizmodo