I received this phish last week. It’s a follow-up to the phish I posted previously here.
In it, they told me about it previously and I needed to confirm I’ve read and acknowledge the new Yahoo Mail terms of service. Unfortunately, I’ve been sick for the past week and didn’t get a chance to investigate the email before today and I find that the payload site has already been taken down.
The red call-out square is just me showing where the link leads to. The red square did not appear in the email. I would imagine that non-technical recipients of this email that don’t have good knowledge of phishing emails could fall for this phish. It passed DMARC authenticity checks because it was sent from a Yahoo email address. However, it was sent from either a spoofed or a compromised Yahoo mailbox.
–Matt