Identify legitimate Yahoo websites, requests and communications.

Scammers are always looking for ways to obtain personal information with malicious intentions. Know how to recognize legitimate Yahoo websites, requests and communications to keep your account secure.

Yahoo websites

If you are on a Yahoo website, the URL contains "yahoo.com" or "tumblr.com". Another indication that the site is secure is the presence of the lock icon in the address bar.

Yahoo Requests

We never request personal information, such as credit cards or passwords, in emails. However, from time to time, we will ask you to update your recovery information after logging in. You will also receive a notification titled "Your Yahoo account information has changed" if any information is updated in your account settings.

What Yahoo communications look like

1. Viewing from a web-based email: Emails from us include a Yahoo icon next to the subject or sender. If you don't see it, then the email is not from Yahoo.
2. Viewing from third-party applications: the Yahoo icon will not appear in the applications, even if the email is really from us. Verify the sender's email address without opening the email by moving the mouse over the sender's name in your Inbox.

Reasons why you will receive notifications

1. Someone responded to a conversation in which you participated, in a Yahoo article.
2. A comment you published in a Yahoo article received at least one response or approval.
3. Your review of content on Yahoo (such as travel destinations and local businesses) received a response.
4. There is an important activity related to your accounts, such as password changes or expiration of a credit card that you use to pay for any Yahoo service.

Best practices to stay safe

Better practices

1. Do not enable the "use less secure applications" feature.
2. Do not respond to any SMS request requesting a verification code.
3. Do not respond to unsolicited emails or requests to send money.
4. Pay attention to the types of data to which you are authorizing access, especially in third-party applications.
5. Use only legitimate third-party applications, which will not ask you for the two-factor verification code from Yahoo.
6. Do not use Internet search engines to find Yahoo contact information, as they can take you to malicious websites and support scams. Always go directly to Yahoo Help Central for legitimate assistance to the Yahoo customer.
7. Never click on suspicious-looking links. Hover over hyperlinks with the cursor to preview the destination URL. Sometimes, a hyperlink can be displayed as a Yahoo link in an email, when in reality the destination URL will be a malicious domain.
8. Be careful when authorizing an application to access your account or when providing third-party access to your account information. Officially supported Yahoo applications go through an industry-standard selection process that offers clear and obvious authentication known as OAuth 2.0.

Take care

1. Spoofing: used by spammers to make an email or website look like someone they trust.
2. Phishing: an attempt by scammers to impersonate a legitimate company or individual to steal personal information, usernames, passwords or other information from someone's account.
3. False email addresses: malicious actors sometimes send from email addresses that resemble an official email address, but in fact missing a letter (s), are misspelled, replace a letter with a similar number ( for example, "O" and "0"), or originates from free email services that would not be used for official communications.