A vulnerability been discovered that is being exploited by a player with a boot program. This vulnerability is being used to steal Yahoo! IDs and gain access to related Yahoo! information such as Yahoo! email accounts and Yahoo! Wallet, a feature that stores your banking (checking accounts and credit cards) information. This is serious criminal activity which requires vigilance to not become a victim.
This is frightening information, and I hope you are giving this email the serious consideration it deserves. One thing we want to make perfectly clear, you CAN protect yourself against becoming a victim. We know of one person that has this capability, but there may be others While the main focus at this time appears to be members of the Euchre leagues, it can change at any time to focus on another group of members or even multiple groups.
There are recognizable signs if your Yahoo! account is being targeted. Please pay particular attention to the following.
Once the booter has selected his next victim, a program is used to boot the target from the Yahoo! game room, Yahoo! Messenger and any other Yahoo! services you may be logged into. The program does more than just boot the person out of Yahoo!, it identifies their IP address and sends a “tag” that is linked to that IP address. When the person attempts to re-login to Yahoo!, this tag directs them to a fake Yahoo! login page. The fake Yahoo! login page can be recognized by certain characteristics.You are asked to verify a word code as shown below:
This is not something that has ever been required or used, to login to your Yahoo! account. This Yahoo! Messenger Word Verification page belongs to the booter and if you type in your User Name and Password, you are actually typing your login information directly to the booter.
If you receive this Yahoo! verification page, you should immediately shut down your computer (it may also help to delete cookies and temp files). Restart your computer and go to the Yahoo! sign-in page or open Yahoo! Messenger. If you have the normal sign-in page you should be fine. If you get the same word verification page, DO NOT try to sign in, the tag is still linked to your IP address. There are 2 options you can try, shut your computer down again and leave it for a few hours, or go to a different location where you would have a different IP address and try logging in again.In each case we are aware of, logging in from a different location (not just a different computer in your house), has been 100% successful.
If you receive the Yahoo! Messenger Word Verification message when you login to Yahoo!, DO NOT type your login information. Please send a report, you may also try sending a report to security@Yahoo-inc.com . Please give as much information as you can when reporting suspicious activity.
