A phishing scam was circulating on Friday through Yahoo Messenger that directs people to a malicious Web site where they are prompted to enter their Yahoo user name and password. The malicious instant message automatically forwards itself to the victim's IM contacts.
The IM arrives from someone in your contact list with a link to a Geocities Web page and smiley face emoticons surrounding the link. When clicked on, the link opens a page that looks like a legitimate Yahoo 360 sign-in page.
Yahoo is investigating the matter and will take down the Geocities Web site if it is perpetrating a scam, a Yahoo spokeswoman said. Geocities is Yahoo's free Web space service. Yahoo also will add filters to the Messenger system to prevent the malicious link from being propagated, she said.
Phishers often use smiley faces and other emoticons to make the victim feel that the IM is safe. Geocities sites are often used in phishing scams. Such scams are not new and are becoming increasingly more common.
IM users should not blindly trust links they receive even if the link comes from a trusted source or friend. Users should confirm that the person behind the IM account actually sent the link and that it is legitimate.
If you are duped, immediately change your password and notify your Yahoo IM contacts about the malicious IM. Yahoo users also can customize their Yahoo log-in page with a security seal so they will know that the site is legitimate. More information is here.