Websense® Security Labs™ has observed another change in the technique used in Yahoo! phishing attacks. These phishing attacks attempt to capture a user's Yahoo! ID and password by displaying a fake Yahoo! Sign In page. This variant of attack has been on-going for over a year. After the Yahoo! acquisition of Flickr, these attacks have started to shift from targeting Yahoo! Photos to targeting Yahoo! Flickr.
Users receive an email or instant message that claims to be from a friend wanting to show off photos that have been posted to Flickr. The message contains a link to a phishing site, which captures the user's Yahoo! ID and password.
Phishing for Yahoo ID, password