Yahoo 360's gone phishin'

A new phishing scheme is making its rounds, and using Yahoo Instant Messenger as its lure.

A new phishing scam is circulating through Yahoo IM lists, sending emoticon-laden links to contacts on an infected account. Indeed, CNET's own Yahoo Messenger users have not been immune.

Dangerous phishing link

Phishing link sent through Yahoo IM.

(Credit: CNET Networks)

The link reads as a Geocities.com URL, but spoofs a Web page advertising Yahoo 360, a social-networking service.

Spoofed Yahoo 360 langing

Spoofed landing page for rigged Yahoo 360 service.

(Credit: CNET Networks)

Phishing schemes simulate legitimate Web sites to trap users into giving up their account information. With that information harvested, security fraudsters can sell your passcodes or exploit them directly by breaking into your bank or personal account. From there, the possibilities for fraud are varied.

While many phishing schemes are poor approximations of the real deal, with sketchy graphics and spelling and grammar errors, this Yahoo 360 spoof is more believable. Moreover, spoofs are successful when users follow the automatic reflex to sign-in to their account, or buy into the sense of urgency and doubt created by a doomsday phishing e-mail, for example, that the victim's account is about to expire.

Yahoo 360 home page

Legitimate home page for Yahoo 360.

(Credit: CNET Networks)

Social conditioning may also play a role in the success of IM phishing for contacts who are accustomed to click links sent by their colleagues and friends. While CNET has extensively covered e-mail phishing on CNET Download.com, CNET News.com, and on CNET Security, IM phishing is a newer approach to illegal data harvesting, and perhaps one that many users don't regularly question.

So keep those senses sharp, and make sure your PC is fully patched.

CNET Top 5
Companies Apple could buy with their billions
Apple's sitting on a massive pile of cash. Here are five interesting ways they could spend it.
Play Video
 

Member Comments