The Yahoo breach news is another opportunity for industrious criminals prey on user concern about account security. Here's what to look for in the latest phishing hook Credit: Thinkstock It took about….what? a day?… for criminal phishers to take advantage of this week’s Yahoo breach news and create emails that they hope will fool Yahoo mail users into thinking their account “needs updating.”I have a Yahoo mail account and received this email Thursday. It notifies me that my account access is “temporarily limited for failing automated security server update.” It then helpfully asks me to “kindly upgrade” my email with the link below to re-verify account ownership “or you will be locked out,” it adds ominously.The phish preys on concerns about account security and aims to fool people after Yahoo officials issued email messages this week warning users that their accounts may have been compromised. In the messages, Yahoo CISO Bob Lord says a forged cookie may have been used to access their accounts in previous years. In December, Yahoo reported that data associated with more than 1 billion user accounts was stolen in August 2013. Less than three months earlier, the company reported a separate data breach affecting more than 500 million users that originally occurred in late 2014. This phishing email can be identified as fraudulent due to a few telltale features. Take a look at what’s in the send field. It simply says “Mail” and the address it was sent from is . From this, we know that it is being sent from an address that does not originate with Yahoo’s mail team. It appears to associated with Northern Illinois University. I doubt that Yahoo has moved its mail team operations to NIU, so we know something is not right.The language used is another feature that gives it away as a phishing email. While this message has slightly better grammar and punctuation than many of the phishing emails out there, noting the account is “temporarily limited for failing automated security server update” sticks out as an attempt to sound technical, but lacks the right sentence structure. Asking me to “kindly upgrade my email” also looks off for an official security notification. Phishing emails can vary widely, from sophisticated and hard to spot, to crude and easy to point to as a scam. But spammers will consistently use well-known business names and current events in the hope of tricking you into giving up your sensitive information, like passwords and social security numbers. If you are being asked to click a link or download a document, do not trust and always verify. In a situation like this, head over to the Yahoo site yourself and use the contact information provided to ask questions.For more tips on spotting phishing emails, check out our slideshow Can you spot the phish? Related content news Buying fraud right off the virtual rack Report states online attacks continue to rise, especially for retail sites By Ryan Francis Apr 26, 2017 7 mins Fraud Security news analysis The 7 worst automation failures A list of the moments when technology monumentally backfired, putting security at risk. By Ryan Francis Apr 14, 2017 7 mins IT Strategy Network Security Security news Bot attacking gift card accounts Your gift card might not be worth anything By CSO Staff Mar 24, 2017 3 mins Fraud Security news Report says smart people do dumb things online People from the religious and legal fields were considered lazy for not following security standards. By Ryan Francis Mar 21, 2017 3 mins Identity Management Solutions IT Skills Data and Information Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe