A new phishing method is targeting Yahoo users by recording their user name and password while logging them into a legitimate area of the portal, according to Websense, a Web security software firm.
Users receive an instant message or e-mail purporting to be from a friend wanting to show photos from a vacation or birthday party. The message has a link to the phishing site, which records the user's ID and password while forwarding the user to the real Yahoo Photos site.
"It would be difficult for the user to know they'd actually been phished," says Ross Paul, Websense product manager for Europe, the Middle East, and Africa.
It appears the phishers are close to home: The actual phishing site is hosted in free Web space provided by the Yahoo Geocities service in the United States, Websense says.
Not only are the phishers using a fake logo to trick users, but they are also forwarding the person to another site, a method that has been used before but not on such a large scale, Paul says. Websense's worldwide network, which monitors Internet traffic, detected the technique.
"That leads us to believe [the phishing attack] is fairly widespread," Paul says, adding, however, "It's difficult to quantify."
The advice for users is similar to that issued in prior warnings: Be leery of unexpected e-mails and check with the sender to make sure an e-mail is authentic. Users can also always check with Yahoo to see if a specific e-mail is legitimate, Paul says.
"I think what you are seeing is criminals are getting more sophisticated in social engineering," Paul says.
In an e-mail response to a query about the warning, Yahoo spokesman David Sawday wrote: "When we learn about phishing sites on our network, we remove them as quickly as possible." He did not provide information on how Yahoo was dealing with the new phishing method.
Note: PC World has a partnership agreement to provide content to Yahoo News.