By Marshall Honorof

A recent phishing attack targets Yahoo Mail users, but despite an ever-so-slightly convincing layout, avoiding it is not difficult.

Phishing attacks are usually easy to avoid, but as long as people keep falling for them, scammers will keep using them. A recent con targets Yahoo Mail users, but despite an ever-so-slightly convincing layout, avoiding it is not difficult, especially if you have Internet security software installed.

Information about the attack comes from Bucharest-based security company Bitdefender's HotforSecurity blog. Yahoo Mail users receive an email from "Yahoo!" entitled "Mail Activity Reports." The first giveaway is that despite the Yahoo! username, the attacker's email address does not match the official Yahoo Mail account.

MORE: 100+ Tech Gift Ideas for Holiday 2014

The email warns users that their storage limits have been surpassed, and that will need a free upgrade to continue using Yahoo Mail. An embedded link takes them to an "upgrade" site, which asks them to sign in with their Yahoo credentials. Cybercriminals then steal the credentials and use it to access users' email records, personal information and financial statements (if possible).

Bitdefender's blog points out that Bitdefender software blocks the malicious site by default, but you don't actually need third-party software to know that this is a scam. For one thing, the grammar is awkward, and the punctuation is all over the place, with errant capitalization and nonsensical marks. Furthermore, Yahoo would never provide a link without writing out the URL for users who prefer (wisely) to not click text links in emails.

Most phishing attacks are dumb and careless, just like this one, but they work because they make users fearful of losing a favorite online service. If you get an email that requests that you sign in somewhere, make sure to check the email address, the content and the format very carefully before you actually click through.

  • 10 Worst Data Breaches of All Time
  • Blackphone Review: All-Encompassing Security
  • 15 Best Mobile Privacy and Security Apps

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at [email protected]. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

Thank you for signing up to Tom's Guide. You will receive a verification email shortly.

There was a problem. Please refresh the page and try again.

No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission.