8 March, 2007

Important Security Notice

In January we issued an alert regarding efforts by malicious third parties attempting to gain access to your Flickr account. We would again like to remind you about this issue and of ways that you can protect yourself.

We have had reports of Flickr members receiving comments on their photos or FlickrMails touting various services that are described as coming from Flickr itself, such as “special photo packages” and the like. Unfortunately, some unsuspecting members have been tricked into giving away their Flickr login credentials to unscrupulous third parties, so we wanted to explain what’s going on and how you can protect yourself.

What’s going on here?

What’s happening is called “phishing“, which Wikipedia describes as an “attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.”

Nothing that’s coming from Flickr about Flickr-related services will ever direct you to another website where you need to re-enter your Yahoo! login information. Once you’re logged in to Flickr, you should never have to re-enter your password, but if for some reason you do, you will always to it via the Yahoo! login screen.

Check the web address

An easy way to make sure you’re only entering your Flickr login credentials where they should be entered is to check the web address of the site you’re at that’s asking you to sign in. These are the only official URLs that Flickr uses:

Examples of “Flickr Fakes”

These are some examples of what a fake Flickr login screen might look like. Note that they’re very similar in design to Flickr.

“Flickr Secure Packages”

“Photo Invite (Download Package)”

“Flickr-orian” ??

So, please, stay alert and be on the lookout for these nasty pranksters whose sole purpose in life seems to be to trick you and wreak havoc.

(You should also familiarize yourself with the steps to follow to help your own security online, or read that Wikipedia page about phishing for more information.)