A few days ago I discovered a new technique that Yahoo! is using to stem phishing attempts on their network.
Definition of phishing from Wikipedia:
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
When a user logs in, they see in the upper right corner of the login panel an image asking them to identify this computer and protect themselves. Clicking on this button presents a nifty DHTML interface to create a custom “seal”. This seal will appear in the login panel every time that the user accesses a real Yahoo! server, and will not appear if they are on a phisher’s site that is trying to steal their password.
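
Added example (not from the original post and not Yahoo!'s code): a minimal model of why the seal shows up only on the genuine login page, assuming the seal is tied to the computer by a signed cookie that the browser returns only to the host that set it. The host names, key, seal text and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the seal is bound to this computer by a host-only cookie set by
# the genuine login server. Every name and value below is hypothetical.
REAL_HOST = "login.example.com"        # stands in for the genuine login server
SERVER_KEY = secrets.token_bytes(32)   # known only to the genuine server
SEALS = {}                             # device id -> seal the user designed


def _sign(device_id: str) -> str:
    return hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()


def create_seal(seal_text: str) -> dict:
    """Genuine server: store the seal and return the cookie for the browser."""
    device_id = secrets.token_hex(16)
    SEALS[device_id] = seal_text
    return {"host": REAL_HOST, "value": f"{device_id}.{_sign(device_id)}"}


def cookies_for(jar: list, host: str) -> list:
    """Browser: a host-only cookie goes back only to the host that set it."""
    return [c["value"] for c in jar if c["host"] == host]


def render_login(cookie_values: list):
    """Genuine server: show a seal only for a cookie it signed itself."""
    for value in cookie_values:
        device_id, _, tag = value.partition(".")
        expected = _sign(device_id)
        if hmac.compare_digest(tag.encode(), expected.encode()):
            return SEALS.get(device_id)
    # No seal: first visit, a different computer, cleared or unsigned cookie.
    return None


if __name__ == "__main__":
    jar = [create_seal("blue star")]                  # constructed sample seal
    print(render_login(cookies_for(jar, REAL_HOST)))  # seal on the real host
    print(cookies_for(jar, "login.example.net"))      # nothing sent elsewhere
```

Under this model the seal is also absent on any computer where the user has not created one, so a missing seal is a prompt to check the address bar, not proof of a fake page.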

Will this technique really work? I think that the theory is sound, but I’m no security expert. I am mostly impressed by Yahoo’s creative approach to the problem and their advanced interface to build a seal.

