netmasta Posted September 27, 2005 CID Share Posted September 27, 2005 Yahoo Users Get Phished Jeremy Kirk, IDG News Service Mon Sep 26, 6:00 PM ET A new phishing method is targeting Yahoo users by recording their user name and password while logging them into a legitimate area of the portal, according to Websense, a Web security software firm. ADVERTISEMENT Adblock Users receive an instant message or e-mail purporting to be from a friend wanting to show photos from a vacation or birthday party. The message has a link to the phishing site, which records the user's ID and password while forwarding the user to the real Yahoo Photos site. "It would be difficult for the user to know they'd actually been phished," says Ross Paul, Websense product manager for Europe, the Middle East, and Africa. New Tricks It appears the phishers are close to home: The actual phishing site is hosted in free Web space provided by the Yahoo Geocities service in the United States, Websense says. Not only are the phishers using a fake logo to trick users, but they are also forwarding the person to another site, a method that has been used before but not on such a large scale, Paul says. Websense's worldwide network, which monitors Internet traffic, detected the technique. "That leads us to believe [the phishing attack] is fairly widespread," Paul says, adding, however, "It's difficult to quantify." Protect Yourself The advice for users is similar to that issued in prior warnings: Be leery of unexpected e-mails and check with the sender to make sure an e-mail is authentic. Users can also always check with Yahoo to see if a specific e-mail is legitimate, Paul says. "I think what you are seeing is criminals are getting more sophisticated in social engineering," Paul says. In an e-mail response to a query about the warning, Yahoo spokesman David Sawday wrote: "When we learn about phishing sites on our network, we remove them as quickly as possible." He did not provide information on how Yahoo was dealing with the new phishing method. Quote Link to comment Share on other sites More sharing options...
junkieXL Posted September 28, 2005 CID Share Posted September 28, 2005 I will never quite understand the appeal of phishing/cracking a random free email account such as Yahoo, MSN,Hotmail, etc. e-mail boxes i cannot find exciting. i must have 15+ email boxes ,from all my shell accounts, etc. 13 of them i've never used. Instead of browsing a 'loser @yahoo.com's phished mailbox full of the same spam & virii that we all get, these people with skills enough to fashion this pathetic phish scam should use that skill on some real hacking; or get a day job & shave their backs. Quote Link to comment Share on other sites More sharing options...
VampireXxX Posted September 28, 2005 CID Share Posted September 28, 2005 i don't think they crack your hotmail/yahoo just to read your inbox....i believe they just want your address book 'coz not all your contact use free account.... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.