Gone Phishing ... this time with Yahoo Messenger.

Yesterday, I got two instant messages from friends leading me to a GeoCities page that promised a joke, but instead offered a log in page for Yahoo. It struck me as odd, because I was already logged into Yahoo and couldn't think of any reason for Yahoo to ask me to log in again. Hmmm...

After consulting with the friends and looking at the source code of the web page I discovered that the instant message was phishing for my Yahoo credentials. I can only guess that once the page had the credentials it could log in as me and then send the same instant message to all of my friends. I resisted temptation.

The Geocities page looks like this:

I especially love the fact that they included the "Prevent Password Theft" seal of approval on the page. For bad guys, it's a nice touch.

What to do? Don't click on links from friends? Maybe. Geocities has become such so rich in scams that it might be ok to simply exclude their domain along with all of the .info domains from your allowed list of websites.

At a minimum, don't enter your credentials in web pages hosted at GeoCities...

Tags: , , ,

About Phil Yanov

Phil Yanov is a Technologist, Columnist and Public Radio Commentator.

He is the founder of Tech After Five as well as the founder and President of the GSA Technology Council and the IT Leadership Council.

His personal technology column appears in Greenville Business Magazine and the Columbia Business Journal.

He co-hosts the Your Day technology shows heard on NPR radio stations across South Carolina and is a frequent contributor to technology stories appearing on radio and television.