Jump to content

Yahoo Users Get Phished


Recommended Posts

Yahoo Users Get Phished

Jeremy Kirk, IDG News Service Mon Sep 26, 6:00 PM ET

A new phishing method is targeting Yahoo users by recording their user name and password while logging them into a legitimate area of the portal, according to Websense, a Web security software firm.



Users receive an instant message or e-mail purporting to be from a friend wanting to show photos from a vacation or birthday party. The message has a link to the phishing site, which records the user's ID and password while forwarding the user to the real Yahoo Photos site.

"It would be difficult for the user to know they'd actually been phished," says Ross Paul, Websense product manager for Europe, the Middle East, and Africa.

New Tricks

It appears the phishers are close to home: The actual phishing site is hosted in free Web space provided by the Yahoo Geocities service in the United States, Websense says.

Not only are the phishers using a fake logo to trick users, but they are also forwarding the person to another site, a method that has been used before but not on such a large scale, Paul says. Websense's worldwide network, which monitors Internet traffic, detected the technique.

"That leads us to believe [the phishing attack] is fairly widespread," Paul says, adding, however, "It's difficult to quantify."

Protect Yourself

The advice for users is similar to that issued in prior warnings: Be leery of unexpected e-mails and check with the sender to make sure an e-mail is authentic. Users can also always check with Yahoo to see if a specific e-mail is legitimate, Paul says.

"I think what you are seeing is criminals are getting more sophisticated in social engineering," Paul says.

In an e-mail response to a query about the warning, Yahoo spokesman David Sawday wrote: "When we learn about phishing sites on our network, we remove them as quickly as possible." He did not provide information on how Yahoo was dealing with the new phishing method.

Link to comment
Share on other sites

I will never quite understand the appeal of phishing/cracking a random free email account such as Yahoo, MSN,Hotmail, etc.

e-mail boxes i cannot find exciting. i must have 15+ email boxes ,from all my shell accounts, etc.

13 of them i've never used.

Instead of browsing a 'loser @yahoo.com's phished mailbox full of the same spam & virii that we all get, these people with skills enough to fashion this pathetic phish scam should use that skill on some real hacking; or get a day job & shave their backs.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...