Yahoo Messenger was again the carrier of a phishing scam on Friday jun 29. This new wave of phishing directed the users to a hijacked website asking them to enter their Yahoo username and password. Worse yet, the infected YM message forwards itself to the victim's YM contacts.
Yahoo is investigating the matter and will take down the Geocities Web site if it is used n the phishing scam, a Yahoo spokeswoman said. Geocities is Yahoo's free Web space service. Yahoo also will add filters to the Messenger system to prevent the malicious link from being sent, she said.
Phishers often use smiley faces and other emoticons to make the victim feel that the IM is safe. Geocities sites are often used in phishing scams. Such scams are not new and are becoming increasingly more common.
IM users should not blindly trust links they receive even if the link comes from a trusted source or friend. Users should confirm that the person behind the IM account actually sent the link and that it is legitimate.
If you are duped, immediately change your password and notify your Yahoo IM contacts about the malicious IM. Yahoo users also can customize their Yahoo log-in page with a security seal so they will know that the site is legitimate. More information is here.
