Wednesday, June 13, 2007

Phishing: companies don't care as much as they should

I got an e-mail pretending to be from Yahoo! security. It had a link to a page hosted overseas. In that page there's a link to a Windows executable (a virus, keylogger, or whatever it is). Doesn't bother me much because I'm on a Mac.

But I try to be a good guy so I forwarded that to Yahoo!, and I got this answer:

"Hello,

Thank you for writing to Yahoo! Customer Care.

Thank you for contacting us about your concerns regarding this
possible abuse of Yahoo! services.

Since the apparent instance of abuse is not hosted by Yahoo!, we are
not able to take direct action on this complaint. (...)"


Sounds reasonable, right? It's not. Here's one truth about phishers: they don't like to pay for bandwidth. And if they're using someone else's compromised system, they don't want the page to load slowly.

However, they still need to make their fake page look like the real thing, right? One thing they like to do is hotlink (a lot) to the original website they are trying to forge: the images, stylesheets and scripts on the fake page point straight at the legitimate site instead of being copied. So Yahoo! may not host the page itself, but it does host many elements referenced in it, images included, and every time a victim loads the fake page, Yahoo!'s own servers get those requests, usually with a Referer header naming the fake page. That shows up in the server logs whether or not anyone forwards the e-mail.

So why doesn't Yahoo! replace this image file (which is linked directly in that forged page) with a phishing alert? That would tell users "Do not download the file. It's a virus!".

Of course it's not a perfect solution. For one, Yahoo! would have to stop using the image in their legitimate pages. And the phishers would get smart eventually: copy the images to their own host, or stop sending a Referer. But it would save some people a lot of grief, and that makes it worth doing.

If you care, that is...
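To make the idea concrete, here is an added example (not code from the post, and not Yahoo!'s) of the image swap. It goes one step further than the post suggests: instead of replacing the image for everyone, it serves the real image when the request's Referer is one of our own pages (or absent, since browsers legitimately omit Referer in many cases) and the alert image only when the Referer points somewhere else, logging that Referer so the abuse team can see which pages are hotlinking. The hostnames (`example.com` and friends), the `/logo.gif` path and the image byte strings are all constructed for the example.

```python
"""
Added example, not from the original post: a small image server that
serves the real logo to our own pages but swaps in a "phishing alert"
image when the Referer shows the logo is being hotlinked from a page
we don't control. Hostnames, path and image bytes are constructed.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed sample assets: short byte strings stand in for real GIF files.
REAL_IMAGE = b"GIF89a<real logo>"
ALERT_IMAGE = b"GIF89a<WARNING: this page is fake. Do not download anything.>"

# Assumed list of hostnames allowed to embed the logo (our own sites).
TRUSTED_HOSTS = {"example.com", "www.example.com", "mail.example.com"}


def referer_host(referer):
    """Lowercase hostname from a Referer header, or None if absent/unparseable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer).hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    return host.lower() if host else None


def is_trusted_host(host, trusted=TRUSTED_HOSTS):
    """True if host is a trusted origin or a subdomain of one (not a look-alike)."""
    if host is None:
        return False
    return any(host == t or host.endswith("." + t) for t in trusted)


def choose_image(referer, trusted=TRUSTED_HOSTS):
    """
    Decide which bytes to serve for the logo.

    Trusted Referer, or no Referer at all (bookmarks, some privacy settings,
    HTTPS->HTTP navigations): the real image, so normal users are not punished.
    Any other Referer: the alert image, plus the offending URL so the
    caller can log it for the abuse team.

    Returns (image_bytes, suspected_hotlinking_page_or_None).
    """
    host = referer_host(referer)
    if host is None or is_trusted_host(host, trusted):
        return REAL_IMAGE, None
    return ALERT_IMAGE, referer


class LogoHandler(BaseHTTPRequestHandler):
    """Serves /logo.gif and logs every hotlinking Referer."""

    def do_GET(self):
        if self.path != "/logo.gif":
            self.send_error(404)
            return
        body, suspect = choose_image(self.headers.get("Referer"))
        if suspect:
            # Assumed hook: in practice this line feeds abuse tooling / a SIEM.
            self.log_message("hotlink from suspected phishing page: %s", suspect)
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(body)))
        # Tell shared caches the response depends on Referer, so a cached
        # real logo is not handed out to hotlinked requests.
        self.send_header("Vary", "Referer")
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Assumed local bind address for trying it out with curl -H "Referer: ...".
    HTTPServer(("127.0.0.1", 8080), LogoHandler).serve_forever()
```

Two caveats a practitioner should keep in mind: the Referer is set by the victim's browser, not the phisher, so it cannot be spoofed by the fake page but it can be absent (which is why the absent case serves the real image rather than the alert), and a victim whose browser already cached the real logo from a legitimate visit will still see it. The log line is the more durable win: it turns every victim's page load into a report of the phishing URL.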
