Yahoo Inc. is testing a security service designed to prevent Web surfers from landing on sites that look like they are from Yahoo but that are fake ones set up by fraudsters to carry out phishing scams. The service lets users know if they have landed on a legitimate Yahoo sign-in Web page, preventing them from entering their Yahoo ID and password on a phishing site. The service, which can be found at https://protect.login.yahoo.com/login/set_pref/ and currently supports only U.S. Yahoo Web sites, is being tested and hasn't been officially announced yet, a Yahoo spokeswoman said via e-mail on Friday. Phishing is a monumental online security problem. Scammers set up legitimate-looking Web sites from well-known companies, such as banks, online stores and Web portals, and try to lure people to them via e-mail and other methods. The idea is to trick people into entering into the sites sensitive information, such as passwords and credit card numbers, for malicious purposes, such as ID theft and fraud. Each Yahoo sign-in seal is associated with an individual computer, so users need to install it on every computer they use. Once installed, the seal will appear on Yahoo sign-in screens, letting users know the site is genuine. Creating a seal involves either entering some text terms or uploading an image. The text or the image are displayed in the seal, which will only appear on Yahoo sign-in screens and thus offers no protection on sites from other companies. Yahoo cautions that there are reasons why the seal may not appear on otherwise genuine Yahoo sign-in pages. "For example, someone else using your computer may have deleted or changed your seal, your cookies or files on your computer may have been deleted, or you're using a partner or international Yahoo site," Yahoo's site reads. "To be safe, look for these other clues to make sure you're on a genuine Yahoo sign-in screen." If the computer is shared among family or friends, it is a good idea to show everyone the sign-in seal so they recognize it. For computers in public places, like libraries, the sign-in seal should be created by the locales' administrators and not by visiting users, according to Yahoo.
