Last week at least 30,000 email addresses were published online that had been harvested from phishing emails.  These are emails sent to people that appear to be genuinely from banks, email providers or other companies that trade online, asking you to confirm your personal details to them.

In the case of this recent scam the emails also took the information needed to get your password again if you changed it.

I thought I’d take you through one of these emails and discuss how to spot one.

Subject: Verification Details Required

Dear Yahoo! Account User,

We encountered a problem with our database and a lot of records were lost, we are restoring our database to enable us serve you better. Your Yahoo! Account details are required so as to store in our database to keep your account active.

Failure to do this will lose his or her account permanently.

To update and enable us restore your account details in our data base to keep your account active, you are required to provide us the details below urgently.
Click the reply button to enter details below .

  E-mail Address:
  Password :
  Date of Birth:
  Country or Territory:
  Occupation:
  Alternative E-mail:

Make sure the details above are correct to enable us restore your account details, this will help prevent your account from suspending or closing.
Note: YOUR DETAILS WILL NOT BE SHARED..

Users have often told us that the more they use Yahoo Account! Service, the more they discover its benefits. We’ll keep working on making Yahoo! the best email service around, and we appreciate your joining us for
the ride.

Thank you,
Sandra O. John
The Yahoo! Team
Message Code: XV6289KK

This is one of the offending emails responsible for last week’s problems and went out under the subject “Verification Details required” and “Warning! Details Needed”.

The first thing to spot is the bad use of English.  Because these scams never originate in English speaking countries the language they use is usually quite poor.  The subject Verification Details required is terrible English and the grammar is also bad with the mixed use of capital letters.

The rest of the email is also scattered with grammatical errors such as incorrect use of capital letters, “Your Yahoo! Account details are required” and there is sloppy English everywhere “this will help prevent your account from suspending or closing”.

This was forwarded to me by a friend who told me he found it very convincing but that the poor use of English had given it away.

As easy as it can be to spot this there is an even simpler rule to spotting a phishing email.  No company will EVER ask you to confirm any of your details via an email.  Any time you get an email asking you to do so you should forward it to phishing@ and delete it.