Yahoo phishing scam targets unpatched Internet Explorer browsers ...

This phishing scam implies a billing error: the email (see below) links to a forged Yahoo web form (see image below). The link is coded to exploit the URL Spoofing (canonicalisation) bug that exists in Internet Explorer browsers (Microsoft issued a patch at the beginning of February 2004 - use the URL Spoofing vulnerability check link on the right of this page).

If your browser is vulnerable, you will see http://wallety.yahoo.com in your browser address bar. The page is coded to send any data submitted on it to the fraudsters via a PHP script located on the same server as the bogus content - curvet.co.kr, which resolves to Korean web space.

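As an added example (not part of the original advisory), the Python check below flags links of the kind described above, on the assumption that the spoofed link hides its real host by placing a decoy host name in the URL's userinfo part, before an @. The sample body, its path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)  # e.g. wallety.yahoo.com
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def inspect_link(url):
    """Return findings for one URL; an empty list means no userinfo trick."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return []
    userinfo = unquote(parts.netloc.rpartition("@")[0])
    real_host = parts.hostname or ""
    findings = ["userinfo present; content is served by " + real_host]
    # Assumption: encoded control bytes in the authority are never legitimate.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in userinfo):
        findings.append("control character encoded in userinfo")
    # Compare what a reader would take for the host with the real one.
    decoy = "".join(c for c in userinfo if c.isprintable()).split(":")[0]
    if HOSTLIKE.match(decoy) and decoy.lower() != real_host:
        findings.append("userinfo imitates host " + decoy)
    return findings


def scan_body(text):
    """Map each suspicious link in an email body to its findings."""
    report = {}
    for url in URL_RE.findall(text):
        findings = inspect_link(url)
        if findings:
            report[url] = findings
    return report


# Constructed sample: host names are from the advisory, the link form and
# path are assumptions made for this example.
SAMPLE = (
    'Please update your details by <a href="http://wallety.yahoo.com%01'
    '@curvet.co.kr/constructed-path">clicking here</a>.\n'
    "Help is available at http://help.yahoo.com/billing\n"
)

if __name__ == "__main__":
    for link, notes in scan_body(SAMPLE).items():
        print(link)
        for note in notes:
            print("  -", note)
```

A mail gateway or triage script can run `scan_body` over the HTML part of a message and quarantine anything it reports.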
If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, or with the same content but with the fake page(s) hosted by a different provider. Once you have received one of these hoaxes, it is also commonplace to receive at least another one, usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

Dear Yahoo! User,

We encountered a billing error when attempting to renew your Yahoo! service. This type of error usually indicates that either the credit card you have on file has expired or that the billing address we have is not current.

This is your final notice. Please take a moment to update your credit card information by clicking here and submitting your information.

Please note that we will attempt to renew your service five days from today. If we are still unable to charge your credit card at that time, your service will be terminated.

Sincerely,
Yahoo! Billing Department

The bogus web page ...