Yahoo 360's gone phishin'

A new phishing scheme is making the rounds, using Yahoo Instant Messenger as its lure.

A new phishing scam is circulating through Yahoo IM lists, sending emoticon-laden links to contacts on an infected account. Indeed, CNET's own Yahoo Messenger users have not been immune.

Dangerous phishing link
Phishing link sent through Yahoo IM. (Credit: CNET Networks)

The link reads as a URL, but leads to a spoofed Web page advertising Yahoo 360, a social-networking service.

Spoofed Yahoo 360 landing
Spoofed landing page for rigged Yahoo 360 service. (Credit: CNET Networks)

Phishing schemes simulate legitimate Web sites to trap users into giving up their account information. With that information harvested, security fraudsters can sell your passcodes or exploit them directly by breaking into your bank or personal account. From there, the possibilities for fraud are varied.

While many phishing schemes are poor approximations of the real deal, with sketchy graphics and spelling and grammar errors, this Yahoo 360 spoof is more believable. Moreover, spoofs are successful when users follow the automatic reflex to sign in to their account, or buy into the sense of urgency and doubt created by a doomsday phishing e-mail (for example, one claiming that the victim's account is about to expire).

Yahoo 360 home page
Legitimate home page for Yahoo 360. (Credit: CNET Networks)

Social conditioning may also play a role in the success of IM phishing for contacts who are accustomed to clicking links sent by their colleagues and friends. While CNET has extensively covered e-mail phishing on CNET and on CNET Security, IM phishing is a newer approach to illegal data harvesting, and perhaps one that many users don't regularly question.

So keep those senses sharp, and make sure your PC is fully patched.

About Jessica Dolcourt

Jessica Dolcourt reviews smartphones and cell phones, covers handset news, and pens the monthly column Smartphones Unlocked. A senior editor, she started at CNET in 2006 and spent four years reviewing mobile and desktop software before taking on devices.