A Sample of the "Yahoo Password Recently Changed" Phishing Scam
Date: Wednesday, 24 May 2017, 20:16
From: "email@example.com" <firstname.lastname@example.org>
The password for your Yahoo account, was recently changed.
If you made this change, you're all set.
If not, Click here: hxxp://useraccountsecure.is-a-geek.org/profile/ to recover your account
2017 Yahoo Service
If the link in the phishing email message is clicked by the recipients, they will be taken to a phishing website and ask to sign-in. If they attempt to do so, their Yahoo account credentials (usernames and passwords) will be sent to the cybercriminals behind the scam. Once the cybercriminals have gotten the stolen credentials, they will gain access to the accounts, hijack them, and use them fraudulently.
Therefore, Yahoo users who have received email messages with a link to update their information or make changes to their accounts should always go directly to mail.yahoo.com and sign into their accounts instead of clicking on the link. Once Yahoo users have signed into their accounts, they will be noticed of changes or updates, if there are any. Going directly to mail.yahoo.com and signing in from there is only guaranteed way of preventing Yahoo users from becoming victims of phishing scams.
Yahoo users who have already been tricked by the phishing scam are asked change their passwords immediately before their accounts are hijacked and used fraudulently. If their accounts have already been hijacked by cybercriminals, they can click here for instructions to regain access to their accounts.