Criminals have taken to a new tactic to dupe Yahoo members into divulging their log-on credentials by sending out bogus e-mails branded with Flickr, the photo-sharing service Yahoo acquired last year.
In an alert posted Thursday, San Diego-based security company Websense said phishers are switching from using Yahoo Photos to Flickr as the backdrop to their thievery.
E-mail in a Flickr-style format poses as coming from a friend who wants to show off photos posted to the photo service, and includes a link to a site that captures the victim's Yahoo username and password.
"This variant of attack has been on-going for over a year," Websense noted in the alert, "[but] after the Yahoo acquisition of Flickr, these attacks have started to shift from targeting Yahoo Photos to targeting Flickr."
Websense has posted a screenshot of a sample bogus e-mail in its alert here.