Identify legitimate Yahoo websites, requests, and communications
Scammers are always looking for ways to get personal info with malicious intent. Know how to recognize legitimate Yahoo websites, requests, and communications to keep your account secure.
If you’re on a Yahoo website, the URL contains “yahoo.com”. Another indication that the site is secure is the presence of the lock icon in the address bar.
We never ask for personal info, such as credit cards or passwords, in emails. However, from time to time, we’ll ask you to update your recovery info after signing in. You’ll also get a notification titled “Your Yahoo account information has changed” if any info in your account settings are updated.
- Viewing from web-based email - Emails from us include a Yahoo icon next to the subject or sender. If you don’t see it, then the email isn’t from Yahoo.
- Viewing from 3rd-party apps - The Yahoo icon won’t appear in apps, even if the email is truly from us. Check the sender’s email address without opening the email by mousing over the sender’s name in your Inbox.
- Your review of content on Yahoo (such as travel destinations and local businesses) received a response.
- There's important activity related to your account, such as password changes or expiration of a credit card you use to pay for any Yahoo services.
- Don't enable the "use less secure apps" feature.
- Don't reply to any SMS request asking for a verification code.
- Don't respond to unsolicited email or requests to send money.
- Pay attention to the types of data you're authorizing access to, especially in third-party apps.
- Use only legitimate third-party apps, which won't ask you for Yahoo's two-factor verification code.
- Don't use internet search engines to find Yahoo contact info, as they may lead you to malicious websites and support scams. Always go directly to Yahoo Help Central for legitimate Yahoo customer support.
- Never click suspicious-looking links. Hover over hyperlinks with your cursor to preview the destination URL. Sometimes a hyperlink can be displayed as a Yahoo link in an email, when in fact the destination URL will be a malicious domain.
- Be careful when authorizing an app to access your account or when providing any third-party access to your account info. Applications officially supported by Yahoo go through an industry-standard vetting process that offers a clear, obvious authentication known as OAuth 2.0.
- Spoofing - used by spammers to make an email or website appear as if it's from someone you trust.
- Phishing - an attempt by scammers to pose as a legitimate company or individual to steal someone's personal information, usernames, passwords, or other account information.
- Fake email addresses - Malicious actors sometimes send from email addresses made to look like an official email address but in fact is missing a letter(s), misspelled, replaces a letter with a lookalike number (e.g. “O” and “0”), or originates from free email services that would not be used for official communications.