Yahoo Tests Antiphishing Service

Yahoo is testing a security service designed to prevent Web surfers from landing on sites that look like they are from Yahoo but that are fake ones set up by fraudsters to carry out so-called phishing scams.

The Yahoo service will let users know if they have landed on a legitimate Yahoo sign-in Web page, so as to prevent them from entering their Yahoo ID and password on a phishing site.

The service currently supports only U.S. Yahoo Web sites, is still being tested, and hasn't been officially announced yet, a Yahoo spokesperson said via e-mail today.

Attacking a Big Problem

Phishing is a monumental online security problem. Scammers set up legitimate-looking Web sites from well-known companies such as banks, online stores, and Web portals, and then try to lure people to them via e-mail and other methods. The idea is to trick people into entering, on these fake sites, sensitive information such as passwords and credit card numbers; this captured information could then be used for malicious purposes like ID theft and fraud.

The basis of the new antiphishing service is a Yahoo sign-in seal that will be associated with an individual computer; users will need to install it on every computer they use. Once installed, the seal will appear on Yahoo sign-in screens, letting visitors know that the site is genuine. Creating a seal involves either entering some text terms or uploading an image. The text or image will be displayed in the seal, which will appear only on Yahoo sign-in screens; it thus offers no protection on sites from other companies.

Yahoo cautions that there are reasons why the seal may not appear on otherwise genuine Yahoo sign-in pages. "For example, someone else using your computer may have deleted or changed your seal, your cookies or files on your computer may have been deleted, or you're using a partner or international Yahoo site," Yahoo's site reads. "To be safe, look for these other clues to make sure you're on a genuine Yahoo sign-in screen."

If the computer is shared among family or friends, it is a good idea to show everyone the sign-in seal so they recognize it. For computers in public places, like libraries, the sign-in seal should be created by the locales' administrators and not by visiting users, according to Yahoo.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon