News

New Yahoo Shield May Dry Up the Phishing Well

• By Jason Turcotte
• August 24, 2006

Phishing is one of the fastest growing security threats today but one search engine is developing a solution that lets users secure their info by customizing their login pages.

Yahoo is just weeks away from adding a phishing shield to parry would-be hackers from using spam e-mail and fake Web sites to wheedle unsuspecting people into offering user IDs and passwords. The shield remains at the testing stage, as developers work to alter the tool so that it still functions even when cookies are removed from a computer.

The shield uses a sign-in seal in either the form of a text message or photo displayed on the site’s login page. The user sets up a seal on a specific work or home computer and that seal remains displayed when the Web site they’re viewing is legitimate, enabling browsers to discern the real pages from the fake ones. The seal can run the gamut from a favorite quote or an uploaded personal photo.

According to the Anti-Phishing Working Group, there are more than 20,000 phony Web sites on the Internet. Yahoo’s Security Center advises users to keep an eye out for obvious red flags:

• E-mails with an unofficial “from” address;
• E-mails describing an urgent call to action;
• E-mails with a generic greeting like “sir” or “dear member;”
• E-mails containing links to Web sites with fake sign-in pages;
• E-mails riddled with spelling errors; and
• Sign in pages with slashes missing from the browser address bar.

“We are continually testing this tool and gradually rolling it out to users via our login pages in the coming weeks,” said Meagan Busath, public relations representative, Yahoo.

Yahoo users are invited to try out the shield now but the company has yet to make an official announcement. The phishing shield must be installed on every computer the user accesses and it is not recommended for public computers.