The email purports to be from Yahoo administrators and attempts to dupe users into signing up for new email accounts with the company. But using a clever combination of Yahoo and their own home-made Web sites, the hackers are claiming the accounts as their own.
"No one is going to block Google," said Alex Shipp, senior antivirus technologist for MessageLabs. "The link is a very complex string that hides their URL behind Google. It redirects three times probably to try and defeat anti-spam measures. Basically, you create email accounts for the bad guys. It's a way of ensuring that they have loads of accounts, and these could be used for [sending] spam."
The fraudsters sent emails pretending to be from Yahoo asking users to complete a registration form for an email account. The link in the email directs users to a fake Yahoo Web site, but only after pointing browsers at Google three times first. At this point a legitimate Yahoo pop-up appears explaining the registration process. When the form is completed, users are prompted to fill in a legitimate verification number, at which point the hackers can take control of the account.
Shipp said that his team had discovered a similar scam that duped Citibank account holders into divulging their details and tricked them into handing over their PIN numbers, suggesting one group of fraudsters is responsible for both operations.
"The chances of two different gangs doing this are pretty small," said Shipp.
Hackers have also been using ZDNet and CNET redirects as a means of hiding their Web sites, Shipp said.
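For mail filtering, a link that hides its destination behind several redirects through a trusted site can be unwrapped statically before any reputation check. The sketch below is an added example, not code from MessageLabs or from the article; it assumes each hop carries the next URL in a query parameter, and the host names, the `/url` path and the `q` parameter are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

MAX_HOPS = 10  # upper bound on nesting we are willing to unwrap

def embedded_url(url):
    """Return the first query-parameter value that is itself an http(s) URL, else None."""
    for _name, value in parse_qsl(urlsplit(url).query):
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.hostname:
            return value
    return None

def redirect_chain(url):
    """Hosts a browser would visit if each hop forwards to the URL in its query string."""
    hosts = []
    while url and len(hosts) < MAX_HOPS:
        hosts.append(urlsplit(url).hostname)
        url = embedded_url(url)
    return hosts

def assess(url, trusted_redirectors):
    """Summarise a link statically: no network requests are made."""
    chain = redirect_chain(url)
    if not chain:
        return {"chain": [], "trusted_hops": 0, "hidden_destination": None}
    final = chain[-1]
    return {
        "chain": chain,
        # hops before the final one that sit on a domain filters rarely block
        "trusted_hops": sum(h in trusted_redirectors for h in chain[:-1]),
        # the host the filter should actually score, if it differs from the visible one
        "hidden_destination": final if final != chain[0] else None,
    }

def constructed_sample(hops=3):
    """Constructed test input: a placeholder landing page wrapped in `hops` redirects."""
    url = "http://signup.lookalike.example/register"
    for _ in range(hops):
        # assumed redirector shape (path "/url", parameter "q"); not taken from the article
        url = "https://redirector.example/url?" + urlencode({"q": url})
    return url

if __name__ == "__main__":
    print(assess(constructed_sample(), {"redirector.example"}))
```

Redirectors that map an opaque token to a destination on the server side cannot be unwrapped this way; those links need a sandboxed fetch that follows the redirects.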