Fake Yahoo Games steal player passwords

Stan Beer
Thursday, 01 September 2005 10:43

Business IT - Security

Game players take notice. Security vendor, Trend Micro has discovered a new phishing website that poses as Yahoo! Games, offering free games, online competition and free downloads.

Once a user enters their Yahoo ID and password, the information is then sent to a third party, which may use it for other purposes.

The phishing website is propagated via messages sent over Yahoo instant messenger that include no information beyond the link http://geocities.yahoo.com.br/forun_amex/login.html. All users should avoid clicking on this link.

Trend Micro Australia and New Zealand senior systems engineer, Adam Biviano, says: 'This address could be closed at any time, with a new address replacing it to continue deceiving users. Online phishers are just like con artists on the street; they set a trap to deceive a large number of people each time. They continuously shut down their traps and quickly switch to other providers to avoid being caught.'

The phisher's hypothesis states that URLs used can only exist for approximately 52 hours. According to Aniphishing.org, phishing URLs last an average of 5.8 days, with the longest length of time being around one month.

The Yahoo Game phishing site even displays copyright and privacy statements, making it very difficult for the average person to determine its authenticity.