Phishers Use Yahoo IM to Propagate Phishing Scam

Phishing e-mails was doing the rounds of the Internet through Yahoo Messenger on June 29, 2007. The e-mail directs recipients to a corrupt Website where they are asked to key in their Yahoo username and password. The instant message would subsequently pass itself on to all the IM (Instant Messagisng) contacts on the victim's list.

The IM that comes to a recipient has a link connecting to a Geocities Web page with smiley faces all around the link. The site resembles a legitimate Yahoo 360 login page that asks for the user's username and password, which the fake site stores to use it later for wicked purposes.

Yahoo is probing the issue and intends to shut down the Geocities Website tentatively if someone is misusing it, said Meagan Busath, a Yahoo spokesperson, as published by Cnet News on June 29, 2007. Geocities is a free web page service from Yahoo. Yahoo has also decided to set up filters on the Messenger system to stop the malicious link from propagating, Busath added.

Phishers often paste smiley faces and other pleasant emotions on their e-mails to create an impression of safety about the IM. Phishers also use Geocities sites for their scams. While such scams have occurred in the past, it is now increasingly getting common.

Yahoo is earnest about its security and consistently uses means to maintain its users' protection. Yahoo is aware of the new incident as it links to phishing affecting the industry at broader level. It is therefore working on a fix, Busath said in a statement reported by Millersmiles at the end week of June 2007.

IM users should always confirm links from their senders even if they are from a trusted source. They should verify if the links are legitimate.

Busath advises users to increase their awareness to make it their key defense. For that, the Yahoo security center offers all help. Yahoo has prioritized consumers' education so that their power to protect themselves on the Internet improves. Yahoo has also posted a 'Security Update' alert on the front page of Messenger to tell users about the new patch for the problem.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 7/10/2007