Security Market Segment LS
Friday, 07 October 2005 10:00

Photo phishing scammers hit Yahoo!


There's a new trick in online phishing, and this time it uses Yahoo! Photos as the bait. Imitating the Yahoo! Photos site almost exactly, it is difficult for most users to tell the difference between the authentic Yahoo! site and a newly emerged forgery.

Users may be lured to the fake site via emails sent by viruses or through IM messages which contain a deceiving link. Once a user clicks on the link, a page will appear requesting them to log in using their personal account. This page is used to steal user IDs and passwords which may then be used for malicious purposes.

Internet security specialist Trend Micro recommends that users visit the Yahoo! page directly to sign into Yahoo! Photos, and avoid clicking on any links found in emails that ask them to sign in.

Trend Micro also reminds users that often receive email or IM invitations from friends who wish to share their photos to avoid rashly clicking on links from unknown sources. The way in which web browser software processes JPEG photos has already been found to possess flaws, one of which allows for the remote execution of programs if exploited. There are already four image files floating around the internet that exploit this flaw, proving that this is a viable concept. Therefore, if online photo albums are used maliciously, it is very possible that they could be used to spread viruses, according to Trend Micro.

This is the second time in one month that Yahoo! has been targeted by phishers. Last month, Yahoo! Games was used as bait for a phishing scam propagated via Yahoo! instant messenger, and with a web page claiming to provide free games, online competition and free downloads. Once users signed in with their Yahoo! ID and password, this information was sent to a third party, who could use the Yahoo! ID for other, illegal purposes.

Trend Micro Australia and New Zealand senior systems engineer, Adam Biviano, says that in the last few months, a great number of malwares have used HTTP to invade channels, becoming second only to email.

According to Biviano, the machines of many users become infected when viewing web pages, with malwares even running directly in the background on computers that have not installed IE patches, while users are completely unaware that they're infected. In addition to phishing websites imitating eBay, Yahoo! and Citibank, blogs, which have become very popular in the last few years, are now also being tampered with to become a new medium for the spread of malware.

Read 6080 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Stan Beer

Stan Beer has been involved with the IT industry for 39 years and has worked as a senior journalist and editor at most of the major media publications, including The Australian, Australian Financial Review, The Age, SMH, BRW, and a number of IT trade journals. He co-founded iTWire in 2004, where he was editor in chief until 2016. Today, Stan consults with iTWire News Site /Website administration, advertising scheduling, news editorial posts. In 2016 Stan was presented with a Kester Lifetime Achievement Award for his contribution to Australian IT journalism.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News