Identify legitimate Yahoo websites, requests, and communications

Scammers are always looking for ways to get personal info with malicious intent. Know how to recognize legitimate Yahoo websites, requests, and communications to keep your account secure.

Yahoo websites

If you’re on a Yahoo website, the URL contains “”, “”, or “”. Another indication that the site is secure is the presence of the lock icon in the address bar.

Yahoo requests

We never ask for personal info, such as credit cards or passwords, in emails. However, from time to time, we’ll ask you to update your recovery info after signing in. You’ll also get a notification titled “Your Yahoo account information has changed” if any info in your account settings are updated.

What Yahoo communications look like

  • Viewing from web-based email - Emails from us include a Yahoo icon next to the subject or sender. If you don’t see it, then the email isn’t from Yahoo.
  • Viewing from 3rd-party apps - The Yahoo icon won’t appear in apps, even if the email is truly from us. Check the sender’s email address without opening the email by mousing over the sender’s name in your Inbox.

Reasons you'll receive notifications

  • You received a Yahoo Alert
  • Someone responded to a conversation you participated in, on a Yahoo article
  • A comment you posted in a Yahoo article received at least one response or thumbs-up
  • Your review of content on Yahoo (such as travel destinations and local businesses) received a response
  • There's important activity related to your account, such as password changes or expiration of a credit card you use to pay for any Yahoo services

Best practices to keep yourself safe

Best practices

  • Never click suspicious-looking links.
  • Don't reply to any SMS request asking for a verification code.
  • Don't respond to unsolicited email or requests to send money.
What to watch out for
  • Phishing - an attempt by scammers to pose as a legitimate company or individual to steal someone's personal information, usernames, passwords, or other account information.
  • Spoofing - used by spammers to make an email or website appear as if it's from someone you trust.
If you think your account has been compromised