[OpenID] FYI: Flickr has the same problems with phishing

Marcin Jagodziński marcin.jagodzinski at gmail.com
Tue Jan 23 09:36:03 UTC 2007


Sorry, I wasn't aware of it

They've included prominent and visible link to this on every page.

19th January, 2007

Important Security Notice:

Recently there have been attempts to lure Flickr members to web pages
which look similar to Flickr and invite people to enter their password
or download a "package" of private Flickr photos.

Flickr does not offer downloads of photo packages, self-extracting
archives of photos, private or otherwise. If you see a link which
offers something similar -- even if it appears in a comment or posting
left by a member you are familiar with -- please use the "Report
Abuse" link at the bottom of every Flickr page to let us know.

This is not a problem specific to Flickr, but there have recently been
Flickr members targeted. We don't want to see anyone affected so it is
important that you exercise caution in your clicking.

How can help protect yourself:

-- Make sure that the address locator bar of your browser is visible.
If you follow a link anywhere in the site that leads to a page that
looks like Flickr but the URL is not flickr.com, please use the Report
Abuse form listed in the footer of every page to let us know. We have
active filtering and we'd like to review any comment so that we can
add new URLs to these filters.

[here is a screenshot of location bar]

-- Flickr members can only sign in to Flickr on "login.yahoo.com"
(excepting "old skool members"). For your own protection, you should
review the information available at security.yahoo.com.

Helpful links
http://security.yahoo.com/
http://en.wikipedia.org/wiki/Malware
http://en.wikipedia.org/wiki/Phishing
http://www.fraud.org/tips/internet/phishing.htm
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

2007/1/23, Stephane Bortzmeyer <bortzmeyer at nic.fr>:
> On Mon, Jan 22, 2007 at 10:00:26PM +0100,
>   Marcin Jagodzi?ski  <marcin.jagodzinski at gmail.com> wrote
>  a message of 12 lines which said:
>
> > http://www.flickr.com/news.gne#sec_alert
>
> It seems private, I'm redirected to a login page. Can you provide a
> link to a public resource or copy-and-paste it?
>



More information about the general mailing list