Jump to content
Sign in to follow this  
netmasta

Yahoo Users Get Phished

Recommended Posts

Yahoo Users Get Phished

Jeremy Kirk, IDG News Service Mon Sep 26, 6:00 PM ET

A new phishing method is targeting Yahoo users by recording their user name and password while logging them into a legitimate area of the portal, according to Websense, a Web security software firm.

ADVERTISEMENT

Adblock

Users receive an instant message or e-mail purporting to be from a friend wanting to show photos from a vacation or birthday party. The message has a link to the phishing site, which records the user's ID and password while forwarding the user to the real Yahoo Photos site.

"It would be difficult for the user to know they'd actually been phished," says Ross Paul, Websense product manager for Europe, the Middle East, and Africa.

New Tricks

It appears the phishers are close to home: The actual phishing site is hosted in free Web space provided by the Yahoo Geocities service in the United States, Websense says.

Not only are the phishers using a fake logo to trick users, but they are also forwarding the person to another site, a method that has been used before but not on such a large scale, Paul says. Websense's worldwide network, which monitors Internet traffic, detected the technique.

"That leads us to believe [the phishing attack] is fairly widespread," Paul says, adding, however, "It's difficult to quantify."

Protect Yourself

The advice for users is similar to that issued in prior warnings: Be leery of unexpected e-mails and check with the sender to make sure an e-mail is authentic. Users can also always check with Yahoo to see if a specific e-mail is legitimate, Paul says.

"I think what you are seeing is criminals are getting more sophisticated in social engineering," Paul says.

In an e-mail response to a query about the warning, Yahoo spokesman David Sawday wrote: "When we learn about phishing sites on our network, we remove them as quickly as possible." He did not provide information on how Yahoo was dealing with the new phishing method.

Share this post


Link to post
Share on other sites

I will never quite understand the appeal of phishing/cracking a random free email account such as Yahoo, MSN,Hotmail, etc.

e-mail boxes i cannot find exciting. i must have 15+ email boxes ,from all my shell accounts, etc.

13 of them i've never used.

Instead of browsing a 'loser @yahoo.com's phished mailbox full of the same spam & virii that we all get, these people with skills enough to fashion this pathetic phish scam should use that skill on some real hacking; or get a day job & shave their backs.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...