The first phishing attack carried out via instant messaging tried to trick Yahoo Messenger users into giving up information that would let attackers access their IM accounts and contact lists.
The first phishing attack carried out via instant messenger tried to trick Yahoo Messenger users this week into giving up information that would let attackers access their IM account and contact list.
Yahoo Messenger users have been spimmed (spam for IM) with messages that include a link to a bogus Web site that looks like an official Yahoo page, which asks them to log in with their Yahoo username and password. Users who fall for the ploy give hackers access to any information in their Messenger profile, as well as full access to their contact, or buddy, list.
A security firm that specializes in IM solutions for corporations issued a warning Friday about the Yahoo phishing scam. "With this year's explosive growth in IM worms and attacks, organizations can not afford to leave their IM users unprotected and unmanaged," said Francis Costello, the chief marketing officer of Akonix Systems, in a statement.
IM phishing can be not only dangerous, but difficult to control by IT, according to several recent surveys, since most companies don't have formal policies in place for managing instant messaging.
Earlier this week, content filtering vendor SurfControl released the results of a poll that showed 49 percent of enterprises reported they had no policy concerning the use of IM and peer-to-peer applications. Yet 78 percent of workplace IM users have download free IM software from the Internet -- such as Yahoo Messenger -- without being aware of the risks.
Other instant messaging clients have recently been the target of attacks, albeit not phishing scams. Earlier in March, Microsoft's MSN Messenger was hit with a rapidly-developing series of worms, dubbed "Kelvir," that if it infected a machine, hijacked the PC for the hacker's use.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.