Brief: Phishers Flick Switch, Dupe Yahoo Users With Flickr

WebSense, which sounded the alert, has posted a screenshot of a bogus e-mail on its site.
Criminals have taken to a new tactic to dupe Yahoo members into divulging their log-on credentials by sending out bogus e-mails branded with Flickr, the photo-sharing service Yahoo acquired last year.

In an alert posted Thursday, San Diego-based security company Websense said phishers are switching from using Yahoo Photos to Flickr as the backdrop to their thievery.

E-mail in a Flickr-style format poses as coming from a friend who wants to show off photos posted to the photo service, and includes a link to a site that captures the victim's Yahoo username and password.

"This variant of attack has been on-going for over a year," Websense noted in the alert, "[but] after the Yahoo acquisition of Flickr, these attacks have started to shift from targeting Yahoo Photos to targeting Flickr."

Websense has posted a screenshot of a sample bogus e-mail in its alert here.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing