312-50V9 · Question #318
Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]"". Which statement below is t
The correct answer is C. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service. A legitimate bank representative would communicate using an official corporate email domain, not a free public service like @yahoo.com, which anyone can register.
Question
Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]"". Which statement below is true?
Options
- AThis is probably a legitimate message as it comes from a respectable organization.
- BBob should write to [email protected] to verify the identity of Scott.
- CThis is a scam as everybody can get a @yahoo address, not the Yahoo customer service
- DThis is a scam because Bob does not know Scott.
How the community answered
(16 responses)- A6% (1)
- B13% (2)
- C81% (13)
Why each option
A legitimate bank representative would communicate using an official corporate email domain, not a free public service like @yahoo.com, which anyone can register.
The @yahoo.com domain belongs to a public email provider, not to any bank; using it for official bank communications is a direct red flag, not a sign of legitimacy.
Replying to the provided address would contact the attacker directly, potentially exposing personal information or initiating further manipulation through continued social engineering.
Legitimate financial institutions and their employees use corporate email addresses tied to the organization's registered domain (e.g., @yahoobank.com), not free consumer email services. Because any person can create a @yahoo.com address with any display name, this message provides zero authentication of the sender's identity and is a classic social engineering or phishing attempt designed to create urgency around a 'vital transaction'.
Not personally knowing Scott is not a reliable technical indicator of a scam - the definitive indicator is the use of a free public email domain instead of a verified corporate bank domain.
Concept tested: Phishing and social engineering email domain verification
Source: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
Topics
Community Discussion
No community discussion yet for this question.