Yahoo is testing a security service designed to prevent web surfers from landing on sites that look like they're from Yahoo but that are fake ones set up by fraudsters to carry out phishing scams.
The service lets users know if they have landed on a legitimate Yahoo sign-in web page, preventing them from entering their Yahoo ID and password on a phishing site.
The service currently supports only US Yahoo sites, is being tested and hasn't yet been officially announced, a Yahoo spokeswoman said via email on Friday.
Phishing is a monumental online security problem. Scammers set up legitimate-looking websites from well-known companies, such as banks, online stores and web portals, and try to lure people to them via email and other methods. The idea is to trick people into entering into the sites sensitive information, such as passwords and credit card numbers, for malicious purposes, such as ID theft and fraud.
Each Yahoo sign-in seal is associated with an individual computer, so users need to install it on every computer they use. Once installed, the seal will appear on Yahoo sign-in screens, letting users know the site is genuine. Creating a seal involves either entering some text terms or uploading an image. The text or the image are displayed in the seal, which will appear only on Yahoo sign-in screens and thus offers no protection on sites from other companies.
Yahoo cautions that there are reasons why the seal may not appear on otherwise genuine Yahoo sign-in pages. "For example, someone else using your computer may have deleted or changed your seal, your cookies or files on your computer may have been deleted, or you're using a partner or international Yahoo site," Yahoo's site reads. "To be safe, look for these other clues to make sure you're on a genuine Yahoo sign-in screen."
If the computer is shared among family or friends, it is a good idea to show everyone the sign-in seal so they recognise it. For computers in public places, like libraries, the sign-in seal should be created by the locales' administrators and not by visiting users, according to Yahoo.