Sophisticated phishing targets Yahoo users

A new phishing method is targeting users of Yahoo Inc. by recording their user name and password while logging them into a legitimate area of the portal, according to Websense Inc., a Web security software firm.

Users receive an instant message or e-mail purporting to be from a friend wanting to show photos from a vacation or birthday party. The message has a link to the phishing site, which records the user's ID and password while forwarding the user to the real Yahoo Photos site.

Yahoo officials were not immediately available for comment.

"It would be difficult for the user to know they'd actually been phished," said Ross Paul, Websense product manager for Europe, the Middle East and Africa.

And it appears the phishers are close to home: The actual phishing site is hosted in free Web space provided by Yahoo Geocities service in the U.S., Websense said.

read the rest at: