Yesterday morning, I personally received an example of a new (to me) category of phish: someone trying to get me to provide Yahoo credentials. Not my personal Yahoo credentials, but my “Sponsored Search” account, where I’d control my advertising spend with Yahoo Search Marketing…if I had an account!

I suppose the purpose was to steal my credentials and then have “me” schedule and pay for pay-per-click advertising on behalf of the criminal. Phishers keep following the money, even via more indirect routes.

• The phish: http://yahincmarketing.com/Login.html (purposefully not linked)
• PhishTank submission: http://www.phishtank.com/phish_detail.php?phish_id=316499
• Real URL: https://login.marketingsolutions.yahoo.com/ (redirects to another Yahoo.com URL, but totally legitimate!)

The phisher even copied the Javascript popup from the legitimate site encouraging me to bookmark this new location!

Note: Besides the community’s vote (thank you!), I’ve notified someone at Yahoo Search Marketing, so I would expect and hope this site will be taken offline rapidly. It’s already blocked for OpenDNS customers, of course.

whois info:

Domain name: yahincmarketing.com

Registrant:
   Jim Johnson  (SROW-615849)
   mdumi82u@aol.com
   5 rue de Thorigny
   PAris   PARIS
   75003   FR
   +33 42719715

Fantastic news: Yahoo! Mail, the world’s largest Web mail service, uses PhishTank data to help protect its 250 million users.

Here is the press release on the OpenDNS site, or read the official release on PRWeb. One quote:

“By combining the data received from PhishTank.com with other anti-phishing resources, we are currently protecting Yahoo! Mail users from nearly 14 million phishing email messages per day. Listening to the community, developing enhanced technologies and collaborating with security leaders continue to be priorities as we work to protect email users from the industry-wide problem of phishing,” said Miles Libbey, Yahoo! anti-spam product manager.

Our thanks to Miles, Carlo Catajan, and others on the Yahoo! Mail team for taking this step and doing even more to protect their customers. I’ll share one more quote, which sums up our feelings here at OpenDNS:

“OpenDNS is thrilled Yahoo! Mail has chosen phishing protection powered by PhishTank,” said David Ulevitch, CEO of OpenDNS. “PhishTank is firmly rooted in the belief that the fight against phishing is a collaborative effort and we encourage other organizations to follow Yahoo! Mail’s lead.”

To the entire community: Thank you!