Yahoo! Personalized Sign-In Seal

Give password scams the boot with personalized sign-in seals.

Fight password theft with seals you create and add to Yahoo! sign-in pages.

  • Don't be an easy target of phishing scams

    • Create a sign-in seal you'll see whenever you sign into Yahoo!
    • If your sign-in seal is not there, it's likely to be a spoof
      page created by a phisher to steal your personal information

Now I don't know how long this 'feature' has been around at Yahoo, but at
least it appears they are moving in the right direction.

  • So what's the problem?
  • So what is the purpose of a sign-in seal?
  • Does it prevent 'phishing' attacks?

So what's the problem?

There are 1000's of scams and phishing attempts out there in the wild. 
One of the most current is when you receive a message from apparently from someone
on your contact list which 'tells you about  some new photos they have
on their webpage'.  In fact there are no photo's and the webpage is a phishing
attempt whose aim is to get people to log in to a fake Yahoo page.
The instant you log in, the phishers have your login credentials and are free
to use your Yahoo account at their will.

So what is the purpose of a sign-in seal?

The sign-in seal works on a per-computer basis.  So you do have to remember
that on each PC you use the seal, you have to upload a new one.
you can upload your 'seal'.
Once you have set it up, whenever you go to a Yahoo page (on that computer)
your 'seal' will be displayed on that login screen. 
Each and every login page at Yahoo will display your 'sign-in' seal.

Does it prevent 'phishing' attacks?

No. It cannot prevent 'phishing' attacks.  Only you the user can prevent
those. (Well apart from locking up the pond scum responsible for the 'phishing'
What it does do if give you 'the user' the ability to detect a phishing site
with great ease.
There are some things you just don't do, such as open attachments from people
you don't know (without virus scanning, anti-spy ware scanning etc).  There
are some things that genuine sites just don't do, like supply you with a link
to a login page, (they 'should' tell you to go to the main page and log in. 
You 'should' already know the site if you are a member, so you should know.
If you do ever receive a link within an email, you should always check as best
as possible, that the link is genuine.

There is only so much that a regular user can do to ensure a link is genuine
and some phishing links are quite clever in their cloaking.
At least for the moment, when you visit a fake 'Yahoo' page, your 'sign-in'
seal will not be displayed.  (I say for the moment because I haven't looked
at depth as to how it achieves the sign in seal and we know how much effort
the fraudsters put into defeating anything put in their way).

  • Remember, if you are in an internet cafe reading your email and login
    to a Yahoo site, you won't have a sign-in seal on that computer so it won't
    be displayed.  It is on a per-PC basis.
  • It will not stop you from going to any phishing sites, it will only
    highlight that the page you have visited is NOT a genuine Yahoo login page.
  • It will only protect you on Yahoo pages.