As reported on Google Help Forum in Japanese [J], some Japanese search users who searched on Google by “yahoo.co.jp” was taken to a site which has a strange domain “twakuwakuland.info”, but shows the totally same contents as Yahoo! Japan.
People usually search Yahoo! Japan by “Yahoo” but not “yahoo.co.jp” (well, I don’t know why people even search “yahoo” on google but…), but when Google Toolbar assist auto-complete, some people just let the toolbar search by “yahoo.co.jp” then they may type their Yahoo password on the phishing site.
Yahoo! Japan support answered off-the-mark comment (“please do not access such site”), and Google’s Help Forum seems not a place where Googlers answer, an user sent a tweet to Matt Cutts. His reply was “it’s been reported here and I think people will look into it. Thanks for mentioning it.”
The problem was likely caused that Yahoo! Japan does not check third party points their site domain to Yahoo’s server address. I don’t know how Google crawled and indexed the phisher’s site at the top of the search results instead of Y!J.
It seems fixed now, though it is not known who fixed the issue.
