Yahoo Instant Messenger has been targeted by phishers in a new scam that lures users to a fake Yahoo Photos Web site and encourages them to type in their Yahoo username and password, according to an alert from Websense Security Labs.
When the account information is submitted, an error message is displayed and the data is transmitted to an unidentified third party, the company said. With that data, the phishers--so named because they fish for information from victims--can get to any information in the victim's Yahoo account, including e-mail and financial details used in making payments.
Yahoo said Thursday that the phishing site has been removed.
In response to questions about the alert, Yahoo issued a statement: "Phishing is an industry-wide issue, and one that Yahoo takes very seriously. Yahoo employs a multifaceted approach to protect consumers against phishing scams, including the use of enhanced technologies, industry collaboration efforts, and increasing consumer awareness. A key defense in the fight against phishing is consumer awareness, and Yahoo has made it a priority to help educate consumers so that they can help protect themselves online."
The company also warned customers to never enter their Yahoo ID or password on any Web page unless they are on the Yahoo network and to look closely at the characters in the URL to make sure the Web address is not impersonating a trusted Yahoo Web site.