Wednesday, October 25, 2006

Gone Phishing ... this time with Yahoo Messenger.

Yesterday, I got two instant messages from friends leading me to a GeoCities page that promised a joke, but instead offered a login page for Yahoo. It struck me as odd, because I was already logged into Yahoo and couldn't think of any reason for Yahoo to ask me to log in again. Hmmm...

After consulting with the friends and looking at the source code of the web page, I discovered that the instant message was phishing for my Yahoo credentials. I can only guess that once the page had the credentials it could log in as me and then send the same instant message to all of my friends. I resisted temptation.

The GeoCities page looks like this:

I especially love the fact that they included the "Prevent Password Theft" seal of approval on the page. For bad guys, it's a nice touch.

What to do? Don't click on links from friends? Maybe. GeoCities has become so rich in scams that it might be OK to simply exclude their domain, along with all of the .info domains, from your allowed list of websites.

At a minimum, don't enter your credentials in web pages hosted at GeoCities...
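One way to apply that exclusion to links arriving in instant messages, as an added example that is not part of the original post: the suffix list mirrors the post's suggestion, while the function names, the `geocities.com` hostname and the sample messages are assumptions constructed for illustration. The check compares whole DNS labels of the parsed hostname, so text placed before an `@` in the link is ignored and a name that merely contains "geocities.com" is not treated as GeoCities.

```python
import re
from urllib.parse import urlsplit

# Policy from the post: GeoCities hosting and every .info domain.
# "geocities.com" as the hosting domain is an assumption of this example.
BLOCKED_SUFFIXES = ("geocities.com", "info")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def hostname_of(url):
    """Return the lower-cased host a browser would contact, or None."""
    try:
        host = urlsplit(url).hostname  # drops userinfo ("user@") and port
    except ValueError:                 # malformed link, e.g. a broken IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None


def is_blocked(url):
    """True when the host equals a blocked suffix or is a subdomain of it."""
    host = hostname_of(url)
    if host is None:
        return False
    labels = host.split(".")
    for suffix in BLOCKED_SUFFIXES:
        want = suffix.split(".")
        # Compare whole labels so "notgeocities.com" does not match.
        if labels[-len(want):] == want:
            return True
    return False


def blocked_links(message):
    """Return the http(s) links in an instant message that the policy rejects."""
    return [u for u in URL_RE.findall(message) if is_blocked(u)]


# Constructed sample messages (not the ones described in the post).
SAMPLES = [
    "lol check this joke http://www.geocities.com/example_user/joke.html",
    "sign in here http://login.yahoo.com@WWW.GeoCities.com./x",
    "photos at http://pics.example.info/album",
    "real one https://login.yahoo.com/",
    "other hosts http://geocities.com.example.net/ http://notgeocities.com/",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(blocked_links(msg) or "allowed", "<-", msg)
```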

At 10:02 AM, Phil Yanov said...

By the way, if you did enter your name and password into that web page, now would be a good time to change your password.


