X

Yahoo adds phishing shield

New feature lets Yahoo users customize the login page to foil information-thieving phishing scams.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
See full bio
Joris Evers
2 min read
Yahoo is testing a new security feature that lets users customize their login page, a measure designed to thwart information-thieving phishing scams.

The feature requires people to create a unique "sign-in seal" on a specific PC. This seal--a text message or photo--will be displayed on the Yahoo login page when visited with that computer, according to a description of the feature on Yahoo's Web site.

screenshots

"A sign-in seal is a secret between the computer you set it up on and Yahoo," the Yahoo Web site states. "So when you sign in to Yahoo from this computer, your sign-in seal tells you that you're seeing a genuine Yahoo site, not a phishing site."

Phishing is one of the most common online threats. In May, just over 20,000 phishing Web sites--a record--were reported to the Anti-Phishing Working Group, the organization said. Phishing typically combines spam e-mail with fraudulent Web sites to trick people into giving up sensitive information, such as a Yahoo user ID and password.

"Phishing is an industrywide issue, and Yahoo is always looking at ways to combat it," a representative for the Sunnyvale, Calif.-based Web giant said. "We're testing and hoping to gradually roll out this new, optional feature that will allow people to uniquely personalize their Yahoo login."

Some of Yahoo's 208 million active registered users already have access to the security feature, the company representative said. Yahoo plans to make it available to all its U.S. users over the coming weeks and to users in other countries at a later stage, the company representative said.

The sign-in shield is designed for use on a personal computer, not on systems in libraries or Internet cafes, for example. It works based on cookies, tiny files that a Web site can place on a user's computer. "It is meant for people to use on their personal or work computers that they use regularly," the Yahoo representative said.

People who remove cookies from their system, for example for privacy reasons, can disable the new Yahoo feature and have to create a new shield. That, at least, was the case in CNET News.com tests using both Internet Explorer and Firefox. Yahoo is tweaking the sign-in shield so the feature won't be rendered useless by removing cookies, the company representative said.