Audit
Programs
AuditNet Links
AuditNet Library
Sarbanes-Oxley
Page
AuditNet
Newsletter
Ask
the Auditor
Audit
Jobs
Partner
Discounts
Search the Site
Our
Sponsors
Advertise
Sign
the Guestbook
AuditNet
Home Page
AuditNet® Information Security
Protect Yourself: Phishers target Yahoo and MSN Instant Messengers
by Rey LeClerc,
PhD, CISSP, CISM
Chief Information Security Officer
Case Western Reserve Company
Yahoo confirmed March 24, 2005 that its Yahoo Messenger service is being targeted by a phishing scam attempting to steal usernames, passwords and other personal information. This follows last month’s MSN Messenger incident of the same nature. Malicious attackers are sending users messages containing a link to a bogus website, which looks like a legitimate site, asking them to log in with their ID and password. The messages appear to arrive from someone on the victim’s friends list so it appears to be legit.
It is not uncommon for intruders to run software which can collect passwords. The most common form of computer break-in is via accounts with passwords that become known to intruders. This may be because the password has been guessed or has been discovered by an intruder. This is one reason why we recommend passwords to be changed periodically in an attempt to keep them private. You can change your network password at any time.
Disclaimer: The views expressed in the above article do not purport to represent the views of AuditNet, any professional association or the views of any employer.