Someone sent me the mail below, it looks very fishy and this is how I confirmed it as a scam.

screenshot-1: the original email: the email claims to be from Yahoo Account Service and there is a termination link to cancel the termination request.


1) mouse over the email sender's name "Yahoo Account Service" to check the email senders real email address. In this case, the scam email came from "wrightsean22 at"


I searched google for the email address and the results are scam / 419-related. You can always search an email address first on google to see what information it gives you.


2) mouse over the termination link: and thats where the fish pops out of the water:


Mouse over the termination request link and notice the "tinyurl" shortlink..., meaning there is a hidden link somewhere.

Right click on the termination request link and open in a new tab:The tinyurl shortlink goes to another page: (below), similar the yahoo's login page:


Some technical jargons:

.ht is the top-level domain name for Haiti. The "public" and "server" directories of the website contain no content; while the ".cancel" directory contains the yahoo.htm webpage and a php file(zenit.php).....which will collect/receive the username and password entered into the above, and post it to the email-hacker.....thus he/she can take control of their victims email account.



s3 resolves from IP-addresses:


Add comment

Security code