First IM Phishing Attack Hits Yahoo - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


First IM Phishing Attack Hits Yahoo

The first phishing attack carried out via instant messaging tried to trick Yahoo Messenger users into giving up information that would let attackers access their IM accounts and contact lists.

The first phishing attack carried out via instant messenger tried to trick Yahoo Messenger users this week into giving up information that would let attackers access their IM account and contact list.

Yahoo Messenger users have been spimmed (spam for IM) with messages that include a link to a bogus Web site that looks like an official Yahoo page, which asks them to log in with their Yahoo username and password. Users who fall for the ploy give hackers access to any information in their Messenger profile, as well as full access to their contact, or buddy, list.

A security firm that specializes in IM solutions for corporations issued a warning Friday about the Yahoo phishing scam. "With this year's explosive growth in IM worms and attacks, organizations can not afford to leave their IM users unprotected and unmanaged," said Francis Costello, the chief marketing officer of Akonix Systems, in a statement.

IM phishing can be not only dangerous, but difficult to control by IT, according to several recent surveys, since most companies don't have formal policies in place for managing instant messaging.

Earlier this week, content filtering vendor SurfControl released the results of a poll that showed 49 percent of enterprises reported they had no policy concerning the use of IM and peer-to-peer applications. Yet 78 percent of workplace IM users have download free IM software from the Internet -- such as Yahoo Messenger -- without being aware of the risks.

Other instant messaging clients have recently been the target of attacks, albeit not phishing scams. Earlier in March, Microsoft's MSN Messenger was hit with a rapidly-developing series of worms, dubbed "Kelvir," that if it infected a machine, hijacked the PC for the hacker's use.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll