A new phishing attack targets Yahoo! users’ login credentials. Phishers are turning to secondary sign-on pages of a legitimate area of the portal, and trick users to login into the page with their user name and password.
Security vendor Websense Inc. said that phishers send spam containing photos from a friend wanting to show some recent pictures. The e-mail message includes a link to a phony site, which stores user’s Yahoo! login information and then passes it to the real Yahoo! Photos web page.
“It would be difficult for the user to know they´d actually been phished,” said Ross Paul, Websense product manager for Europe, the Middle East.
Websense also reported that the majority of the phony pages are hosted by Yahoo´s own GeoCities service, which offers free-limited hosting.