I had been tricked too. A friend of mine sent this bogus link through yahoo Messenger:

[url]http://geocities.com/pics_of_my_vacation_2006[/url]

I clicked on it without carefully checking the URL. It took me to a yahoo-like username/pwd entry screen. I was careless in thinking my cookie expired so I am required to re-login. I did so and so stupidly gave my password to the hacker. The hacker phished for my amex and other information I had in my inbox, and tried to gain access to my credit cards. I closed online access to all my cards. Still, I wonder what else I had in my inbox. I wrote to yahoo to disable my account immediately, but I guess its a little late. The hacker probably got what he/she wants.