Phishing (online fraud)

Phishing refers to a variety of Internet scams that are designed to collect confidential user information (account passwords, credit card numbers, PINs, etc.). Fraudsters send out emails under the names of companies, services, or social networks that closely resemble authentic messages.

Phishing emails

Fraudulent emails may ask you to do the following:

  • Provide your username and password to a given service or site (for example, allegedly due to problems with delivery or system failures). Most often, the From field of these types of messages contains “Customer Support” “support” or “admin”.

    Yandex staff members and Support will never ask you to send your login information.

  • Send an SMS to a short number (allegedly to confirm your identity or activate your mailbox). SMS messages to short numbers usually cost more than other text messages under your rate plan, but information about this inflated cost is usually withheld or given in a part of the message where it is least visible. As a result, an arbitrary amount, most often 100–200 rubles, is debited from your phone account right after the message is sent to the short number. In a number of situations, a feature debiting daily funds from your phone account may be enabled.

    Be careful: Yandex will never ask you to send SMS. Instead, it sends SMS to you. You do not need to answer these SMS.

  • Fill in a form (supposedly to participate in a prize drawing or receive a gift). This type of form usually asks for your passport information and credit card number in addition to your full name and contact phone numbers.

    If you receive a message about Yandex giving away prizes, contact us to get more information (http//company.yandex.ru/contacts). If there really is a prize drawing, make sure you are not asked to pay for the prize delivery in advance or to pay a participation fee, because Yandex never asks you to pay for what you have not ordered yourself.

  • Click through to a web-site (to enter your login and password, for instance; otherwise they threaten to block or delete your mailbox).

    Be careful: Yandex never sends messages threatening to block or delete an account.

    Don't click such links, as they lead to malicious websites. To check the link's address, hover the cursor over it, but don't click it: the address will be displayed in the lower left corner of the screen.

    Yandex addresses look like https://yandex.com/section or https://service.yandex.com/section. There must be a slash (/) after yandex.ru, not a dot. If you see a different address, typos, or a meaningless set of characters, don't click this link.

    If you clicked through to the website, check the site address in the address bar. Phishing websites look like websites of real companies or services, but they are fake. Scam artists can easily get access to any information entered by the user on these types of webpages.

How to prevent becoming a victim of fraud

Carefully view all incoming mail and check link addresses so as not to fall victim to phishing scams. Phishing links often contain a meaningless combination of characters or typos. Never pay for purchases or bills you are not sure about; never send SMS to suspicious numbers; and never give your Yandex password to anyone.

Yandex.Mail marks all phishing emails with a special warning:

If you discover a phishing or otherwise suspicious email that is not marked with a warning, please let us know using the feedback form and include its properties.

What should you do if you fall victim to fraud

  • Contact the police if funds have been unlawfully debited from your account.
  • If you have followed a phishing link, check your computer for viruses with the help of free antiviruses such as CureIt! from Dr.Web and Virus Removal Tool from Kaspersky Laboratory .If you followed a phishing link, check your computer for viruses using a free antiviruse program such as CureIt! from Dr.Web and Virus Removal Tool from “Kaspersky Lab”.
  • If you entered your password on a fake page, be sure to change it in your Passport, link your phone number phone number to your account, and change your security question and answer. First you should check your computer for viruses, though. If you lost access to your account, follow the instructions to restore access.