A repeat performance of last month's Yahoo credit-card scam has been orchestrated in an attempt to hustle the credit-card information of unsuspecting netizens by email.
In the third such case to have been documented, victims were informed by email early Saturday morning that they had won a free US Robotics 56 Kbps modem in a promotion being put on by Web landmark Yahoo, and could claim it by replying to the message with their credit-card information.
The sender's official-looking address, x2_winners@yahoo.com, was obtained by the scammer via Yahoo's new free email service. Yahoo shut down the account moments after the email went out - just after midnight on Saturday morning, said Katie Burke, senior producer of Yahoo Mail. "We've had more than zero but less than three actual respondents to that message," she said. "It was a handful."
A machine at German Internet-radio broadcasters MDR Online was used to relay the message, which could have originated anywhere.
As an attempt to curb this kind of activity in their free email service, email addresses at Yahoo Mail can no longer contain the words "winner" or "contest."
"Since our last incident, we have taken measures to make it more difficult to sign up for names that may look like contest promotions," said Burke. "This account would have been caught by the new mechanisms, but unfortunately it was created before that incident. Someone would not have been able to create this account today."
In the original scam, the return-reply email address was contest_winner@yahoo.com. Yahoo was quick to disable the account, but not before "fewer than a hundred" people had responded to the message.
The scam didn't end there, as a similar message - with a different, non-Yahoo return-reply address - made its way around the Net a week later. This second spam prompted a group of Net vigilantes to investigate, which resulted in identifying the perp as a 13-year-old boy in Howell, New Jersey.
"Once again, like in the other incident, we are conducting an investigation and we will take whatever measures necessary to find and take appropriate action against this person," Burke said.
She said that Yahoo could not comment any further on the first two incidents, but that at some point the company may issue a public statement on the matter. It still remains unknown whether these spams were actions of the same party, copycats, or merely pranks.
And it is not likely to be the end of this type of scam, as the availability of free email services - such as those offered by Yahoo - has been on the rise.
"This is a common scam that has been around for quite a while," said Daniel Barrett, author of Bandits on the Information Superhighway. "It has little or nothing to do with the Internet, except that the scammer used email rather than the telephone or postal mail, allowing him to reach lots of people quickly at low cost."
Common sense remains the most effective way to counteract these scams.
"People should remember never to give out their credit-card details to any 'cold caller' for any purpose, whether it's a prize, a credit card offer, or whatever," Barrett said. "If a stranger claims to represent a company and asks for your credit card number or other personal information, ask for the caller's phone number. If they won't provide a phone number, refuse to deal with the caller. In either case, you can call the company's publicly available phone number and verify whether the person is really a company representative."
