Banks, credit unions, PayPal, eBay, Amazon, the IRS… all of these organizations suffer from phishing attacks on a regular basis. (Sad, but true.)

Yesterday morning, I personally received an example of a new (to me) category of phish: someone trying to get me to provide Yahoo credentials. Not my personal Yahoo credentials, but my “Sponsored Search” account, where I’d control my advertising spend with Yahoo Search Marketing…if I had an account!

I suppose the purpose was to steal my credentials and then have “me” schedule and pay for pay-per-click advertising on behalf of the criminal. Phishers keep following the money, even via more indirect routes.

• The phish: http://yahincmarketing.com/Login.html (purposefully not linked)
• PhishTank submission: http://www.phishtank.com/phish_detail.php?phish_id=316499
• Real URL: https://login.marketingsolutions.yahoo.com/ (redirects to another Yahoo.com URL, but totally legitimate!)

The phisher even copied the Javascript popup from the legitimate site encouraging me to bookmark this new location!

Note: Besides the community’s vote (thank you!), I’ve notified someone at Yahoo Search Marketing, so I would expect and hope this site will be taken offline rapidly. It’s already blocked for OpenDNS customers, of course.

whois info:

Domain name: yahincmarketing.com

Registrant:
   Jim Johnson  (SROW-615849)
   mdumi82u@aol.com
   5 rue de Thorigny
   PAris   PARIS
   75003   FR
   +33 42719715