Reminiscent of a previous Yahoo! phishing site (as blogged here), another phishing attempt has been discovered, this time spoofing the Yahoo! Photos login page.

(Click on the image to enlarge)

This time around, the URL is spammed through a Yahoo! Messenger instant message:

http://www.geocities.com/oxox0o_angel_oxox0o/ ^:)^ guess where
this pic was taken and guess who is behind me in the picture

When the link is clicked, you are redirected to the said site.

By looking at the HTML source, it seems that the login details are sent to a CGI server, for what purpose only Heaven knows.

(Click on the image to enlarge)

If you notice, the value of the ACTION attribute is encoded in HTML hexadecimal notation. It is a long one; suffice to say it is a link to a CGI server. (Alright, it’s http://www2.fiberbit.net/form/mailto.cgi.)

Again, we can only be too careful. When logging in to any site, make sure that the URL in the address bar is the correct one. And if possible, login using a secure process; Yahoo! offers a secure login, so use it. And when you receive an instant message like the one stated above – even if from a trusted friend – ignore it completely.