October 16, 2006 2:53 PM PDT

Phishers hijack IM accounts

In a twist on phishing, cybercrooks are hijacking instant-messaging accounts to lure people to their information-thieving Web sites.

Traditional phishing scams send out spam e-mail that contains links to fraudulent Web sites. These sites try to trick people into giving up sensitive information, such as credit card details, Social Security numbers or login credentials for online services.

Scammers are now also commandeering IM accounts to spread their bait, chaining several techniques in one campaign: account hijacking, phishing and spim, or spam sent over instant messaging. The value of a hijacked account is that its messages arrive from a name the recipient already trusts.

On Friday, for example, a Yahoo employee found that scammers had used her account. They sent her Yahoo Messenger contacts a link to a phishing site. The miscreants had gotten hold of her login credentials, probably through another scam that she had fallen for, the company said.

The link led to a site hosted on Geocities, Yahoo's own free Web space service. The fraudulent page mimicked Yahoo Photos and asked visitors for their Yahoo login information. Yahoo took the scam site down on Friday morning.

"These hackers are super-devious, and we try to stay as much ahead of them as we can, but it is an industrywide issue," a Yahoo representative said Monday.

Education is important in battling the problem, the Yahoo representative said. As part of that, people should know not to blindly trust links received in IM, even if the link comes from a friend. Such links could be part of an IM worm or, as happened on Friday, bait for a phishing scam.

In August, Yahoo launched a security feature that lets people personalize their login page, a measure designed to thwart phishing. The user creates a unique "sign-in seal", a short text message or a photo, on a specific PC; the genuine Yahoo login page then displays that seal whenever it is visited from that PC. A fake login page has no way of knowing the seal, so a login page that does not show it is the cue to stop. The check only works if the user actually looks for the seal, and because the seal is bound to one PC it will not appear on a machine where it was never set up.
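
To make the mechanism concrete, here is a small model of a per-PC sign-in seal. This is an added example, not Yahoo's implementation: the hostnames, cookie name, and in-memory stores are assumptions. What it shows is the property the feature relies on, namely that a browser returns a cookie only to the host that set it, so a look-alike page on another host has no token to look up and nothing to put in the seal slot. It also shows the caveat above: on a fresh PC even the genuine page shows no seal.

```python
import secrets
from collections import defaultdict


class Browser:
    """Cookie jar that, like a real browser, hands a cookie back only to
    the host that set it.  This scoping is what keeps the seal token away
    from a look-alike page served from another host."""

    def __init__(self):
        self._jar = defaultdict(dict)  # host -> {cookie name: value}

    def set_cookie(self, host, name, value):
        self._jar[host][name] = value

    def cookies_for(self, host):
        return dict(self._jar.get(host, {}))


class GenuineLogin:
    """The real site.  Seals are kept server-side under a random device
    token; only the token travels in the cookie (design assumption)."""

    def __init__(self, host):
        self.host = host
        self._seals = {}  # device token -> seal text or image name

    def create_seal(self, browser, seal):
        """User sets up a seal on this PC: mint a token, store the seal,
        and give the browser the token as a cookie for our host only."""
        token = secrets.token_hex(16)
        self._seals[token] = seal
        browser.set_cookie(self.host, "seal_token", token)

    def render_login(self, browser):
        token = browser.cookies_for(self.host).get("seal_token")
        return {"host": self.host, "seal": self._seals.get(token)}


class LookAlikeLogin:
    """A phishing page copied pixel for pixel but served from another host.
    It receives only cookies set for its own host, so it has no token and
    nothing to show where the seal should be."""

    def __init__(self, host):
        self.host = host

    def render_login(self, browser):
        # Whatever the victim's browser sends us, it is not the genuine
        # host's seal_token cookie, so the seal slot stays empty.
        _ = browser.cookies_for(self.host)
        return {"host": self.host, "seal": None}


def seal_check(page, expected_seal):
    """The user's check before typing a password: trust the page only if
    it shows the seal that was set up on this PC."""
    return page["seal"] is not None and page["seal"] == expected_seal


def demo():
    # Hostnames are placeholders, not Yahoo's.
    my_pc = Browser()
    genuine = GenuineLogin("login.genuine.example")
    fake = LookAlikeLogin("login.genuine.example.free-host.example")
    genuine.create_seal(my_pc, "purple teapot")

    return {
        "genuine_same_pc": seal_check(genuine.render_login(my_pc), "purple teapot"),
        "lookalike_same_pc": seal_check(fake.render_login(my_pc), "purple teapot"),
        # Per-PC binding: on a PC where no seal was ever created, the genuine
        # page shows none either.  Absence means "stop and think", not proof
        # of phishing.
        "genuine_new_pc": seal_check(genuine.render_login(Browser()), "purple teapot"),
    }


if __name__ == "__main__":
    for case, trusted in demo().items():
        print(f"{case}: {'seal shown' if trusted else 'no seal, do not log in'}")
```

The seal itself never leaves the genuine host, so the phishing page cannot copy it; what it can do is rely on the user not noticing that the seal slot is empty, which is why the check has to become a habit.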

Phishing is one of the most common online threats. In August, 26,150 phishing Web sites were reported to the Anti-Phishing Working Group, a cross-industry group established to fight phishing.

Yahoo Geocities
90% of Yahoo Geocrap sites are scams, from porn to phishing. They need to rethink how people sign up, and maybe they need to verify the sites they host; then this wouldn't be a problem.
Posted by cma299 (4 comments )
No thanks Yahoo!
As long as Yahoo & the others continue to use the MSN IM core under license (and optimise IM content by supporting the IE browser only), a user should be crystal clear that he or she is exposing themselves to the easiest form of being hacked on earth. No matter what "marketing rubbish" Yahoo chooses to advertise about alleged new "security features," their IM (and other IM clients supporting the MSFT program core under license or direct from MSN) will remain as easily hackable as it has always been.

If one is serious about a more secure IM experience, one might wish to try to get one's friends, family and colleagues to switch over to an IM based on the Jabber core that supports Firefox et al., like GoogleTalk et al. Still, wisdom dictates prudence in clicking on links from even your best friends and closest family members if they know little about internet security and networking protocols.

IM, like other web-based services, must be viewed in the same manner that we're trained to drive a car. Defensive driving is critical; the most conservative and safest assumption is that everyone else on the highway is clueless and dangerous to your health and well-being. Well, even more so on IM, because we've got some serious malicious players on that highway, which is not the case on an automotive highway.
Posted by i_made_this (302 comments )
well said
Right to the point. Good driving analogy. We live in a time of bothersome attempts to hijack our info, it's only prudent to have a cautious mindset when opening any port or other internet access. Thanks
Posted by 42n8k9 (2 comments )
A little late?
This scam has been circulating for almost a year now. I've had a couple of friends that fell victim to the scam and complained to Yahoo. Guess what Yahoo did... Absolutely nothing. I guess when a few of their internal employees get taken they start to take notice.

For the reporter who posted this story, it would be great if you could give some useful information about how to remedy a problem like this instead of just reporting that there is a problem.

If you have had a chance to talk to Yahoo representatives directly what do they recommend people do that have been scammed? Where should people report geocities pages that are blatant phishing scams? How can a user regain their IM account after having the account stolen and the password changed?

A friend's account was sending phishing IMs to me for a couple of months before the account finally was disabled. The messages were all exactly the same; can't Yahoo search for the text and detect which accounts have been compromised automatically?

A good followup article on this subject would be really cool for all of the poor suckers that have not only been scammed, but have been done a disservice by Yahoo's unresponsiveness to the problems in its system.
Posted by visionep (1 comment )
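
The incident described in the article (one hijacked account pushing the same link to every contact) and the commenter's question about detecting that automatically point at the same heuristic. The script below is an added example, not the article's or Yahoo's code: it scans constructed outbound-IM log lines (the log format, account names, URLs and thresholds are all assumptions) and flags any sender that delivers one URL to at least five distinct recipients within ten minutes. A friend sharing a link with two people, or someone sending the same news link once a day, stays below the threshold.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches http/https URLs in message text.
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Constructed sample log, not real traffic.  Assumed format per line:
# "<ISO 8601 timestamp> <sender> -> <recipient>: <message text>"
SAMPLE_LOG = """\
2006-10-13T09:00:05 alice -> bob: check out my new pics http://www.geocities.com/example-album/photos.html
2006-10-13T09:00:07 alice -> carol: check out my new pics http://www.geocities.com/example-album/photos.html
2006-10-13T09:00:09 alice -> dan: check out my new pics http://www.geocities.com/example-album/photos.html
2006-10-13T09:00:12 alice -> erin: check out my new pics http://www.geocities.com/example-album/photos.html
2006-10-13T09:00:14 alice -> frank: check out my new pics http://www.geocities.com/example-album/photos.html
2006-10-13T09:00:15 alice -> gina: check out my new pics http://www.geocities.com/example-album/photos.html
2006-10-13T09:03:00 bob -> alice: that link asks for my password, did you send it?
2006-10-13T10:15:00 carol -> dan: lunch? http://example.com/menu
2006-10-13T10:16:00 carol -> erin: lunch? http://example.com/menu
2006-10-11T08:00:00 hal -> bob: http://example.com/news
2006-10-12T08:00:00 hal -> carol: http://example.com/news
2006-10-13T08:00:00 hal -> dan: http://example.com/news
2006-10-14T08:00:00 hal -> erin: http://example.com/news
2006-10-15T08:00:00 hal -> frank: http://example.com/news
"""


def parse_line(line):
    """Split one log line into (timestamp, sender, recipient, text)."""
    ts, sender, arrow, recipient, text = line.split(" ", 4)
    if arrow != "->" or not recipient.endswith(":"):
        raise ValueError("unexpected log line: %r" % line)
    return datetime.fromisoformat(ts), sender, recipient[:-1], text


def find_hijacked(log_text, fanout=5, window=timedelta(minutes=10)):
    """Return {sender: {"url": ..., "recipients": [...]}} for every sender
    that pushed one URL to at least `fanout` distinct recipients within
    `window`.  Thresholds are assumptions; tune them to the service."""
    sends = defaultdict(list)  # (sender, url) -> [(timestamp, recipient), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, text = parse_line(line)
        for url in URL_RE.findall(text):
            sends[(sender, url.lower())].append((ts, recipient))

    flagged = {}
    for (sender, url), events in sends.items():
        events.sort()
        # Slide a window over the time-ordered sends and count distinct
        # recipients reached from each starting point.
        for i, (start, _) in enumerate(events):
            recips = {r for ts, r in events[i:] if ts - start <= window}
            if len(recips) >= fanout:
                flagged[sender] = {"url": url, "recipients": sorted(recips)}
                break
    return flagged


if __name__ == "__main__":
    for sender, hit in find_hijacked(SAMPLE_LOG).items():
        print(f"{sender}: {hit['url']} sent to {len(hit['recipients'])} contacts")
```

Grouping on the exact URL is deliberate: the commenter's observation that the messages were "all exactly the same" is what makes the pattern cheap to spot, and matching the URL rather than the surrounding text survives small wording changes. The fan-out threshold and the time window are the two knobs; a widened window catches slower campaigns at the cost of more false positives on people who habitually share the same link.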