Phishers hooking Facebook, Twitter, Google, Yahoo passwords
Scammers have launched a campaign preying on users of OpenID in an attempt to steal log-in credentials, according to Barracuda Labs.
Barracuda security researchers Dave Michmerhuizen and Luis Chapetti say they are seeing specially built log-in pages that appear similar to pages used as part of the OpenID authentication process. When users type in their credentials, the data is collected by a rogue website, which sends back a message that the credentials have been validated.
OpenID is a protocol that allows users to log into one Web site using their credentials from another Web site - typically Facebook, Twitter or Google. The researchers said the scam uses one of two e-mail messages. One directs users to a compromised real estate page in Australia and the other appears to be a UPS notification and re-directs users to a fake UPS log-in page.