Yahoo Messenger Phishing Target

    March 26, 2005

A Yahoo spokesperson has confirmed that Yahoo Messenger is the target of a phishing attack.

Users receive messages that look like they are from people on their buddy lists. When the user clicks a link in a message, they are taken to what appears to be Yahoo’s site, but is a trap where their login information is stolen.

The Web site appears to be official and asks users to enter a confidential user name and password, often times to ‘confirm their identity.’ While email filtering tools are deployed at most enterprises to block phishing attempts, less than 10% off all enterprises have security solutions in place for IM networks, providing an attractive target for phishing schemes. The most recent IM phishing attack identified by the Akonix Security Center occurred over Yahoo! Messenger. Under this scam, users received a message from someone on their buddy list asking them to click on an apparent Yahoo! URL. Once the user enters their credentials on the Web site, the attacker has access to personal information stored on their Yahoo! Profile.

“With this year’s explosive growth in IM worms and attacks, organizations can no longer afford to leave their IM users unprotected and unmanaged,” said Francis Costello, chief marketing officer of Akonix Systems. “Phishing scams target sensitive data access utilizing unsuspecting employees, and worms can quickly compromise entire networks. Akonix provides the tools that allow organizations to continue to realize the productivity benefits and cost savings of IM while insulating their employees and networks from the growing threat of IM-based attacks.”

WebProNews | Breaking eBusiness News
Your source for investigative ebusiness reporting and breaking news.