Yahoo! Accused of Hosting Phishing Sites

Nonprofit spam-blocking group Spamhaus has accused Yahoo! of hosting thousands of phishing sites. The news comes amid an effort by giant e-mailbox providers, such as Yahoo!, Microsoft, and AOL, to prod marketers and other e-mail senders to authenticate their outbound messages in order to fight, among other things, phishing.

According to Richard Cox, chief information officer of U.K.-based Spamhaus, Yahoo! hosts and has registered nearly 5,000 domains that contain the words “bank,” “eBay,” or “PayPal” in the domain name. “I just took three hot words, but there are dozens of others including misspellings. They are mostly phishing Websites, which shows that the situation is out of control,” Cox told an audience at the eConfidence–Spams and Scams conference in London earlier this week, according to press reports.

Phishing generally involves fraudulent e-mail that purports to be coming from a legitimate financial institution or merchant in order to get consumers to hand over their account numbers and passwords. If clicked on, the e-mails take recipients to an official-looking site where they are asked for their account information so that scammers can steal their identities.

As phishing increasingly chills consumer attitudes toward financial transactions online and costs ISPs more and more money to fight, e-mailbox providers are pressuring e-mail senders to adopt e-mail authentication programs to combat the return address forgery common in these online scams.

Though Yahoo! doesn’t operate the phishing sites, it provides the servers for them. Cox reportedly said that Spamhaus wrote Yahoo! about the sites, but received no reply.

“They never responded,” Cox said. “But anything with ‘Barclays Bank’ in the title is for nothing other than a fraudulent purpose. Responsible organizations will proactively check for any domains they are hosting that have an obvious fraudulent intent and will remove any they find, or any reported by other network users.”

Yahoo! did not immediately respond to a call for comment.