Phishing

Phishing messages are emails sent by scammers that pose as legitimate notices from Yandex, banks, and other official organizations. The goal of such messages is to make you enter your password or credit card information into a fake field.

More about fraudulent email (phishing)

Scammers send fake email on behalf of companies and services that you use: social networks, postal services, government agencies, or payment systems. The email messages are written and formatted in a convincing way to avoid suspicion. The sender's name and address also appears to be in order. Hackers disguise phishing email in hopes you won't notice the difference.

The messages use a sense of urgency to make you click the link inside and enter personal data, such as your account passwords, credit card number, or PIN. The link leads you to a fake website. These sites usually mimic the appearance of their real counterparts, so it's quite easy to be misled into entering personal data on such a website. Scammers get the information they need and use it to send spam to other users, get access to your social network account, or even steal money from your bank account.

Attention. Yandex will never send email asking you to follow a link and enter personal data.
How to tell a phishing email apart from a real one

Make sure to check the addresses of links. To learn where a link leads to, hover over it without clicking. You will see the address in the bottom left corner of the window.

A Yandex-based address follows the format of https://yandex.ru/section or https://service.yandex.ru/section. yandex.com must always be followed by the / symbol, not a dot. If the address you see is different, contains typos, or has a random string of symbols, don't click it.

If you clicked through to the website, please check the site address in the address bar.

How to prevent becoming a victim of fraud
  • Carefully check all incoming email messages and link addresses.
  • Never pay for purchases or bills you don't remember. Never send text messages to suspicious phone numbers and never share your Yandex password.

Yandex Mail marks all phishing emails with a special warning:

If you discover a phishing or otherwise suspicious email that is not marked with a warning, please let us know using the feedback form and include its properties.

What should you do if you fall victim to fraud
  • Contact the police if funds have been unlawfully debited from your account.
  • If you followed a phishing link, check your computer for viruses using free antivirus programs, like CureIt! by Dr.Web or Kaspersky Virus Removal Tool.
  • If you shared your password on a phishing page, make sure to change your Yandex ID password, link your phone number to your account, and change your security question and answer. We recommend doing this after checking your computer for viruses. If you lost access to your account, follow the instructions to restore access.
If a phishing email is not marked with a warning

If you discover a phishing or otherwise suspicious email that is not marked with a warning, please let us know using the feedback form and describe its properties.