Gone Phishing With Yahoo

    September 26, 2005
    WebProNews Staff

Three weeks ago, Spamhaus accused Yahoo of hosting some 5,000 phishing sites, and now one has been using Yahoo’s logo to help steal login information.

It’s bad enough that the phishing site reported by InfoWorld uses Yahoo’s look and feel to steal login information from victims. But the report also says the site is hosted by Geocities, the site-hosting community Yahoo purchased several years ago.

The report cites Websense, a security software firm, as noting how the phishing scam works. A user receives an instant message or email claiming to be from a friend who wants to share pictures from a gathering like a party or a vacation.

A link in the message takes the user to a lookalike site, where the login credentials are captured before moving the user to the Yahoo Photos site. This phishing scheme logs the victim into the Photos section of Yahoo after grabbing the username and password.

A Websense product manager for EMEA, Ross Paul, said in InforWorld: “It would be difficult for the user to know they’d actually been phished.” The tactic shows a growing sophistication among online criminals.

Users should ensure messages they receive actually come from a legitimate sender; when in doubt, typing in the link in the address bar instead of clicking the link will be a safer prospect.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.