Security experts are warning of two major new phishing campaigns directed at Dropbox and Yahoo users, designed to compromise email accounts and enable follow-up scams. The Yahoo Mail attacks were first discovered around a month ago – arriving in the form of a simple phishing email claiming the victim has to click on a link to restore recently expired email access.
The ‘Update Now’ link leads to a spoofed Yahoo log-in page designed to harvest these credentials, according to
Symantec. However, things then get more interesting, the AV giant explained: