Yahoo is playing host to thousands of phishing sites and doesn't have sufficiently well-trained staff to address the problem of online fraud, according to a leading anti-spam and security organisation on Tuesday.
Richard Cox, chief information officer of Spamhaus, told an audience of politicians, security experts and law enforcement officials that Yahoo has just under 5,000 domains hosted and registered with the words 'bank', 'eBay' and 'PayPal' within the domain names.
Most of those are used as phishing sites, Cox told the London "eConfidence — Spam and Scams" conference.
Cox said that ISPs are failing to train their staff to recognise this as a security issue. "ISPs are treating abuse issues as customer service issues," Cox claimed.
In response, Yahoo said it would follow up Cox's claims. "We take security very seriously and will be investigating this issue fully," Nick Hazell, alliance director for Yahoo Europe, told ZDNet UK.
It is understood that most of these domains were registered in the US; it may be hard for Yahoo to take action until the domains are used in a phishing attack.
Meanwhile Ed Gibson, Microsoft UK's newly appointed chief security advisor, praised Spamhaus for its work. "Hats off to Spamhaus," Gibson told the audience. "We don't do a good job of responding to abuse. Spamhaus is excellent at highlighting areas of deficiency."