Sophisticated Phishing Targets Yahoo Users

A new phishing method is targeting users of Yahoo Inc. by recordingtheir user name and password while logging them into a legitimate areaof the portal, according to Websense Inc., a Web security software firm.

Users receive an instant message or e-mail purporting to be from afriend wanting to show photos from a vacation or birthday party. Themessage has a link to the phishing site, which records the user’s IDand password while forwarding the user to the real Yahoo Photos site.

Yahoo officials were not immediately available for comment.

“It would be difficult for the user to know they’d actually beenphished,” said Ross Paul, Websense product manager for Europe, theMiddle East and Africa.

And it appears the phishers are close to home: The actual phishing siteis hosted in free Web space provided by Yahoo Geocities service in theU.S., Websense said.

The method is unique in the fact that not only are the phishers using afake logo to trick users, but also forwarding the person to anothersite, a method that has been used before but not on such a large scale,Paul said. Websense’s worldwide network, which monitors Internettraffic, detected the technique.

“That leads us to believe it is fairly widespread,” Paul said, adding, however, “It’s difficult to quantify.”

The advice for users is similar to prior warnings: Be leery ofunexpected e-mails and check with the sender. Users can also alwayscheck with Yahoo to see if a specific e-mail is legitimate, Paul said.

“I think what you are seeing is criminals are getting more sophisticated in social engineering,” Paul said.

By Jeremy Kirk – IDG News Service (London Bureau)