14 DAY TRIAL // The popular Yahoo Messenger is currently affected by several phishing attempts that are trying to lure users to disclose their private information. The malicious actions are conducted extremely easy and are based on an avalanche of messages sent to the users connected to the network. Basically, the phishing attackers need only one infected computer to start the offensive because, after it is successfully installed, it automatically sends messages to the contacts, encouraging them to visit a malicious page. This website hosted by Geocities, demands the user's log-in ID and password, its interface being very similar with the one provided by Yahoo's log-in page.
As CNET reported, the Yahoo representatives confirmed the issues and sustained that the Sunnyvale company will ban all the Geocities pages that are hosting malicious websites. If you didn't know, Geoticies is the free service powered by Yahoo that allows you to create a website in a matter of minutes. Also, the giant portal plans to create some new filters to block the dangerous links sent through the instant messaging client.
"A phishing scam was circulating on Friday through Yahoo Messenger that directs people to a malicious Web site where they are prompted to enter their Yahoo user name and password. The malicious instant message automatically forwards itself to the victim's IM contacts. The IM arrives from someone in your contact list with a link to a Geocities Web page and smiley face emoticons surrounding the link. When clicked on, the link opens a page that looks like a legitimate Yahoo 360 sign-in page," Elinor Mills from CNET reported today.
Personally, I saw several phishing scams similar with this one but every time, I ignored them without even clicking on the links. However, if you receive an unknown link on Yahoo Messenger, avoid opening it before asking your contact if he is the one who sent the message. If not, advise him to install an antivirus product to keep his computer secure.