A Yahoo! Instant Messenger phishing attack is using Geocities to lure users to divulge their Yahoo! Login and Password. The phishing attack sends messages like this:
http://www.geocities.com/oxox0o_angel_oxox0o/ ^:)^ guess where
this pic was taken and guess who is behind me in the picture
to buddies of accounts they have collected and tricks them into logging into a spoofed Yahoo! Page. The phishing attack then use the new accounts to gather more Yahoo! identities.
In order to prevent your password from being stolen, be very suspicous of unexpected messages from friends on your Buddy List that may have had their identities stolen. You may verify with your friends first if they recently received a phishing attack like this or have been unable to login to their Yahoo! Accounts.
Are you affected?
If you have fallen victim to this attack (i.e. You logged on into the fake page). Change your password, password reminder and keep your back-up email information upto date. If you are unable to login to your Yahoo! account, there is a possibility that you will be unable to recover your password or account.