
I was doing a Cyber Security and IT audit for a company.

I was told that they had very little in terms of fraud protection; one of the only ways that they detected potential fraudsters was by manually checking if the email address was Yahoo or not. This was for orders on their website.

To my surprise it was almost completely perfect!

My question is: why do scammers use email addresses such as Yahoo and not try to blend in with legitimate users that have Gmail and Hotmail? I have seen many cases online of scammers still using Yahoo, AIM, Yahoo forums, etc.

user5623335
  • https://security.stackexchange.com/questions/54819/how-can-an-email-from-a-yahoo-address-be-sent-through-yahoo-without-authenticati?rq=1 maybe the answer in here is helpful? – toom May 23 '18 at 10:01
  • Yahoo? Not even close. 99%+ of AOL and Hotmail addresses in use are now related to spam, scams or other things like this. Yahoo and others are far behind in this. – Overmind May 23 '18 at 10:31
  • @Overmind is the 99%+ exaggerated? If not, can you provide a source? – toom May 23 '18 at 10:37
  • I can provide evidence: log data from big corporate e-mail servers. In the last 2 years, we had a total of exactly 3 valid e-mails from Hotmail trying to contact us (we are a subsidiary of Samsung). The rest of around 12k were spam and automatically blocked. – Overmind May 23 '18 at 10:59
  • @Overmind If automatically blocked how do you know it was not a false positive? :D – user5623335 May 23 '18 at 11:03
  • There are teams analyzing the logs and there's an automated system comparing web-site and external e-mails with e-mail server data and spam lists. At this point, only the 3 addresses are allowed and the whole hotmail and aol are banned. Yahoo is manageable without blocking and we have a lot of valid contacts coming in from there. That's why I said it's not even close to the other 2 when it comes to spam. – Overmind May 23 '18 at 11:22
  • `This was for orders on their website.` Statistical selection bias – mootmoot May 23 '18 at 13:35

1 Answer


Ever tried to access your Google account over Tor?

Spammers want to e.g. register 1000 email addresses via script over Tor or from the same IP address and then send 1000 spam mails from each. Google doesn’t let them do that, detects automated access, makes them solve captchas or verify their identity by cellphone. Google probably also cries foul by spam mail 17.

So bad guys will use a provider that lets them do their thing with the least hassle. Also, they will be unwilling to change provider if they already have scripts for that provider, methods for solving their captchas, etc.

forest
manduca
  • The average spam amount coming from google is nearly the same to the one coming from yahoo. Google may be better protected, but there are more users there at this point. – Overmind May 23 '18 at 11:41