A new phishing method is targeting users of Yahoo by recording their user name and password while logging them into a legitimate area of the portal, according to Websense, a Web security software firm.
Users receive an instant message or e-mail purporting to be from a friend wanting to show photos from a vacation or birthday party. The message has a link to the phishing site, which records the user's ID and password while forwarding the user to the real Yahoo Photos site.
"It would be difficult for the user to know they'd actually been phished," said Ross Paul, Websense product manager for Europe, the Middle East and Africa.
And it appears the phishers are close to home: The actual phishing site is hosted in free Web space provided by Yahoo Geocities service in the U.S., Websense said.
The method is unique in the fact that not only are the phishers using a fake logo to trick users, but also forwarding the person to another site, a method that has been used before but not on such a large scale, Paul said. Websense's worldwide network, which monitors Internet traffic, detected the technique.
"That leads us to believe it is fairly widespread," Paul said, adding, however, "It's difficult to quantify."
The advice for users is similar to prior warnings: Be leery of unexpected e-mails and check with the sender. Users can also always check with Yahoo to see if a specific e-mail is legitimate, Paul said.
"I think what you are seeing is criminals are getting more sophisticated in social engineering," Paul said.
In an e-mail response to a query about the warning, Yahoo spokesman David Sawday wrote "When we learn about phishing sites on our network, we remove them as quickly as possible." He did not have information on how Yahoo was dealing with the new phishing method.