Don’t be fooled: IM phishing scams
March 30, 2007 on 9:28 am | In News | 17 Comments
On April 1st, friends may play practical jokes on you, and although amusing and sometimes annoying, they’re usually harmless. Unfortunately, not all hoaxes are in good fun. Every day is April Fools’ Day to online scammers, and phishing over IM is one of their favorite jokes to play.
Phishing is a play on the word “fishing,” because the fraudster is fishing for private account information. Phishers are basically tech-savvy con artists who try to trick people into sharing personal information like financial data, credit card numbers, account usernames, passwords and social security numbers.
Email is still the main playground for phishers, but in the last couple of years they’ve been after instant messaging users, too. A typical phishing experience in IM goes like this: A new IM window appears on your screen, usually from someone you already know. It dispenses with the typical hello greeting and usually says something generic like “Check this out:” followed by a link. Although the IM appears to come from a friend, it’s actually from the phisher who, after acquiring your friend’s account info, signed in and started IM’ing all of their buddies, including you.
Clicking a link in these kinds of IMs takes you to a fraudulent website that looks identical to a well-known site that you may already use (your bank, a credit card company, Yahoo!, eBay or PayPal). Typically the website will ask you to sign in or request other personal information like your social security number, credit card numbers, etc. If you enter and submit this information, the phisher has the key to the kingdom.
The FBI recently reported on a new form of phishing that utilizes Voice-over-IP (VoIP) services. “Vishing” is like traditional phishing except that your personal information is stolen over a voice call rather than on a website. Typically you’ll get an email directing you to call a customer service line. When you call in, the phony automated system prompts you to enter personal information, which is captured by the phisher.
And though not directly related to IM security, there’s a growing trend of phishing scams taking place over bogus WiFi networks. Phishers set up unsecured wireless access points with network names that sound legitimate like “Mobile HotSpot”. This attracts unsuspecting laptop users seeking free internet access. Once connected to the WiFi network, the phisher can monitor a user’s web traffic, grabbing logins, passwords and other personal information from online accounts. Just last night I looked up wireless networks from my home and found an unsecured network called “Free Internet Access”. Hmm, very suspicious. Nothing’s really free, right?
So how do you avoid these phishing scams, and if you do fall for one, what should you do? If you receive an IM from anyone that looks odd or suspicious, do not reply or click on any links (even if it looks legitimate). Click the “Ignore” button in the IM window and, when asked, report it as spam. This will prevent that ID from sending you future messages and will send a spam report to the network. If you have to ignore a friend that’s on your list, you can always remove them from your ignore list later when they’re not being phished anymore. Just go to Messenger > Preferences > Ignore List.
If you do fall victim to a phishing scam and accidentally provide personal information on a phony website such as a login and password, the first thing to do is open a new browser and manually enter the site’s real address and change your account information. Doing this allows you to lock the phisher out before they have a chance to change your passwords and go to town with your account information. If the phishing scam was related to financial services, contact your financial institution immediately.
If you’ve received a suspicious communication in Yahoo! Messenger or Mail, inform the organization that is being impersonated by forwarding them the email (preferably as an attachment; this preserves full headers). And if you do receive a phishing communication in which Yahoo! is being impersonated, please forward the email or IM contents to phishing@cc.yahoo-inc.com.
For more information on identifying and avoiding phishing scams, visit the Yahoo! Security Center.
Sarah Bacon
Product Manager
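
The lookalike-site trick described above depends on a link whose address only resembles the real one. As an added example (not part of the original post or any Yahoo! code), this Python sketch checks the links in an IM against a list of domains the user really uses; the `TRUSTED` list and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the user really signs in to (constructed list).
TRUSTED = ("yahoo.com", "paypal.com", "ebay.com")
BRANDS = tuple(d.split(".")[0] for d in TRUSTED)

def is_trusted_host(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_link(url):
    """Return (verdict, reason) for one link received in an IM."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return ("suspicious", "malformed address")
    if parts.scheme not in ("http", "https") or not host:
        return ("suspicious", "not a plain web link")
    if parts.username is not None:
        # Text before '@' is not the site; the browser goes to the host after it.
        return ("suspicious", "real host is " + host + ", not the text before '@'")
    if is_trusted_host(host):
        return ("trusted-domain", host)
    where = (host + parts.path).lower()
    for brand in BRANDS:
        if brand in where:
            return ("suspicious", "mentions '" + brand + "' but is hosted on " + host)
    return ("unknown", host)

def scan_message(text):
    """Check every http(s) link found in an IM's text."""
    return [(u, check_link(u)[0]) for u in re.findall(r"https?://\S+", text)]

# Constructed sample messages, not taken from real traffic.
SAMPLES = [
    "Check this out: http://login.yahoo.com.example.net/signin",
    "Check this out: http://www.paypal.com@example.net/",
    "my photos https://login.yahoo.com/",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_message(msg))
```

A `trusted-domain` verdict only says the host belongs to a listed domain; it says nothing about who sent the message, so typing the site’s address yourself remains the safer route.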

What about the people in chat rooms cracking names and taking personal information. What can be done about them?
Comment by polar — March 30, 2007 #
This is really a cool page, very,very informative. keep up.
Comment by jamy — March 30, 2007 #
Hi Sarah-
When can we expect the long over due Mac update. Mac users have been stuck in beta 1 mode for about a year now.
Alex
Comment by Alejandro Rodriguez — March 30, 2007 #
The 419 and other related phishing scams are a growing threat on Yahoo and have been starting to grow over the last year. When I first started receiving reports about this problem they were far and few between. Now I’m hearing reports about this problem several times a day.
One thing everyone needs to realize about these scammers is that they are dangerous. By dangerous I don’t mean that they will take your account or harass you – I mean that if given the chance they would kill their victims and do so without hesitation.
My recommendation is that if you encounter anyone in chat or receive an instant message from anyone asking for personal information such as bank accounts, routine numbers, home addresses, phone numbers and offering to send you money or goods in exchange for you sending them something in return (usually money) report them immediately and ignore them.
Usually these individuals will represent themselves as (or representatives of) dethroned royalty, barristers (attorneys), ousted executives of oil, diamond, or other valuable mining operations, and other similar ‘titles’.
Although these comments may seem redundant to the blog post or the information provided on the security pages I believe this is a serious enough problem where it cannot be repeated enough – STAY AWAY from these people or you may end up losing more than just your life savings.
Comment by Chet Simpson — March 30, 2007 #
I should also note that this is not a Yahoo specific problem. These scams occur on just about every service, communication medium, and/or social networking site you can think of.
Comment by Chet Simpson — March 30, 2007 #
Click on the link for good examples of what phishing webpages look like.
http://www.wackyb.co.nz/vb/showthread.php?t=583
Comment by Cchris78 — March 30, 2007 #
dont forget to include in ur next build the check box to disable all file sharing and games i dont wanna have to keep clicking decline everytime some 1 trys starting the picture sharing or sending me a file or starts the games thing i just want it completely disabled and it still has the same problem when u use the launchcast plug in n ur done lsitenin to music u stop the radio n shut down yim its not really shut down u have to shut it down from task manager does any 1 else have that problem ?
Comment by catherine — March 30, 2007 #
Where is your Vista Messenger? Please write about it.
Comment by DIn — March 31, 2007 #
Hello! I do not know exactly where to take this to, so I figured this should be a pretty good start. I use a tablet PC at school and I also like to be on-line, maybe chat a bit. But it is not that easy nor fast to use the windows text input utility. Thus, I am forced to use Live Messenger to be able to write messages using the digitizer directly in the IM window. Could you please include handwriting support in this new vista-special release?
Comment by Kevin — March 31, 2007 #
Hi,
A new Yahoo messenger build is out – Version 8.1.0.249.
Q: Why is not published in any official blog ?
A: R u kidding me ?
Q: Why there is no list of “fixed issues”\”known issues” like in AIM ?
A: R u trying to kill me with your jokes ?
Comment by Build Manager — April 1, 2007 #
_.-^-._.-^-._.-^-._.-^-._.-^-._.-^-._.-^-._.-^-._
Hi Sarah,
I want to share with you some post, from the plugins developers group:
–> “Is this best forum to get questions answered?
Do any yahoo IM sdk folks frequent this message board at all? My
developments at a standstill while I await responses.
Thank you,
Nitin.”
Comment by Someone — April 1, 2007 #
Thank you Sarah.
I received a mail from top bank in India, which I could identify as phishing.
Use of internet in India is growing by leaps and bounds.
Safety information as you have provided are important for us.
Cheers,
Regards,
drashok
Comment by ASHOK KOPARDAY — April 1, 2007 #
Great job you’re doing with Yahoo. Thanks for making it great for everyone.
Kathy Hamilton/simikathy.com
Comment by Kathy Hamilton — April 3, 2007 #
This exact scam happened to me today, and unfortunately I fell for it. I received an IM from a friend asking me to check out a site. I clicked a link and it took me to a geocities site and I needed to enter my yahoo password. This is not unusual and you need to enter password so much on Yahoo sites.
I went to lunch and came back and my password had been changed.
I contacted Yahoo immediately. Unfortunately Yahoo has been extremely slow to respond. I have tried to get them to close my account, verify my information and then allow me access to my site again. They do not respond to repeated emails to the security site.
I have lost faith in Yahoo. If they would have taken the appropriate action quickly, they could have prevented all of my confidential email and contacts from being stolen. I notified them within a half hour of the issue and am still waiting for a response 11 hours later.
Yahoo is as much to blame as anyone for not taking these issues more seriously and acting quickly in following up on incidents.
Additionally, an email verifying the password change sent to my secondary email account would also have prevented them from stealing my account.
Shame on Yahoo for not doing a better job in protecting their users!!
Frustrated beyond belief,
Kevin Avoy
Comment by Kevin Avoy — April 26, 2007 #
i had the same thing happen to me as kevin avoy, only i just went to the geocities web page from the messenger and i didn’t give a password. but still in a few minutes i was signed out! yeah i was tricked.
i agree with kevin that yahoo needs to do more to protect their users. if they know this is happening why can’t they do something to prevent it, especially when it’s their programs that are being compromised!
well it took years for them to do something about the bots in messenger, so i guess this will take even longer!
i am just as frustrated as you kevin, you’re not alone on this issue.
mike strickland
Comment by mike strickland — September 3, 2007 #
keep an eye out for scam person normally uses the ID Kelcey Gordon. has business in Africa and always needs money.
Comment by wildapples — April 8, 2008 #
We just encountered a new scam.
The hacker logged in to my friend’s ym account and started chatting as if he were that person.
He then asked for favors like buying a load, asking for bank acct, personal details, etc.
See story below
http://crischell.blogspot.com/2008/04/chat-scam.html
Beware, we thought it was really our friend. Acting like our friend, answering personal questions, telling stories… We don’t know how the scammer was able to gather the details, but he sure knew a lot and was able to pretend to be him!
That’s more scary!
Comment by marche mariell — April 17, 2008 #