NEWS FROM THE LAB - Friday, May 5, 2006

Psst... Come hither, Check out my profile Posted by SGMasood @ 13:18 GMT

One of our readers has brought to our attention an interesting instance of a popular Yahoo! account phishing scam. This scam takes advantage of the fact that Yahoo! requires members to log on to their account to verify their age before they can view members with adult content in their profile. Users in Yahoo! chat rooms, among other places, are enticed to click on a link to view a profile. The link leads to a phishing web page that is a spoof of a typical Yahoo! profiles login page, hosted on a domain named yahoo-members.com.

The interesting thing about this domain is that none of the phishing blacklists we have checked seem to recognize this as a phishing site, which is weird because according to its whois record, yahoo-members.com has been around for about six months now.

This is one more reason why blacklisting should be combined with whitelisting - along with trying to catch all the spoofs of Yahoo! websites out there, phishing filters should also tell users which Yahoo! sites are genuine. This way, when they land on a spoofed site that is not flagged by the blacklists, users will still have reason to be suspicious, because the site won't be validated as genuine either.
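To make that blacklist-plus-whitelist idea concrete, here is a small example written for this page (it is not an F-Secure tool or any real filter's code). The allowlist, blocklist and brand token are constructed sample data; `phish.invalid` is a reserved placeholder name standing in for a listed phishing host, and `yahoo-members.com` is the domain from the post. A URL only earns a "genuine" verdict if its host is on the allowlist; a host that merely contains the brand name, like yahoo-members.com, is reported as a lookalike even though no blocklist knows it yet.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data for this example; a real filter would load these from its feeds.
GENUINE_HOSTS = {"yahoo.com"}       # allowlist: the genuine brand domain (subdomains inherit it)
BLOCKED_HOSTS = {"phish.invalid"}   # blocklist: reserved placeholder name, not a real site
BRAND_TOKENS = {"yahoo"}            # brand names whose use in a hostname deserves a second look

# Rough URL finder for chat text: http(s):// or www. up to the next whitespace/quote/bracket.
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # e.g. malformed IPv6 brackets
        return ""
    return host.lower().rstrip(".")


def under(host, names):
    """True if host equals a listed name or is a subdomain of one (dot boundary enforced)."""
    return any(host == n or host.endswith("." + n) for n in names)


def looks_like_brand(host):
    """True if a protected brand name appears as a whole label, e.g. 'yahoo-members.com'.
    Labels are split on both '.' and '-', so 'yahoo.com.evil.example' is also caught."""
    labels = re.split(r"[.\-]", host)
    return any(label in BRAND_TOKENS for label in labels)


def classify(url):
    """Verdict for one URL: known-phish, genuine, lookalike, unverified or invalid."""
    host = host_of(url)
    if not host:
        return "invalid"
    if under(host, BLOCKED_HOSTS):
        return "known-phish"      # blocklist hit
    if under(host, GENUINE_HOSTS):
        return "genuine"          # allowlist hit: the only way to get a green light
    if looks_like_brand(host):
        return "lookalike"        # borrows the brand name but is not the brand
    return "unverified"           # neither list knows it; no reason to trust it


def scan_message(text):
    """Classify every URL found in a chat message; returns a list of (url, verdict)."""
    return [(u, classify(u)) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    for url, verdict in scan_message("Psst... check out my profile http://yahoo-members.com/p/1 ;)"):
        print(f"{verdict:12} {url}")
```

The point of the ordering in `classify` is that "unverified" and "lookalike" are distinct from "genuine": a filter that only ever says "bad" or nothing leaves a six-month-old unlisted domain looking the same as the real login page, whereas one that also says "this is the real site" gives the user something to miss.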

By the way, the domain itself has been registered with a yahoo.com email address. Here is the Yahoo! profile of the apparent registrant of the domain with a nice pic.

Thanks for the heads-up, Ian.