A phishing scam was circulating on Friday through Yahoo Messenger that directs people to a malicious Web site where they are prompted to enter their Yahoo user name and password. The malicious instant message automatically forwards itself to the victim’s IM contacts.

The IM arrives from someone in your contact list with a link to a Geocities Web page and smiley face emoticons surrounding the link. When clicked on, the link opens a page that looks like a legitimate Yahoo 360 sign-in page.

If you are duped, immediately change your password and notify your Yahoo IM contacts about the malicious IM. Yahoo users also can customize their Yahoo log-in page with a security seal so they will know that the site is legitimate. More information is here.

continued @ News.com