- I got a YM IM from a friend, that just had a smiley and a geocities URL.
- I went to the url, and it kicked up a Yahoo login page for Yahoo Pictures. I thought, damn, Yahoo keeps wanting me to log in over and over again.
- I filled out the username and password, and had the pointer over the submit button...
- When I realized that the URL bar handn't changed, ie, I hadn't been redirected to *.yahoo.com URL, *and* the username hadn't been prefilled, which means that the cookies nor the stored password autofiller for Yahoo had recognized the page.
- I took the page's HTML apart, and figured out that what it was going to do was email my username and password to some webmail account in a shithole country.
- I am guessing that what will happen next is it would take my yahoo account info, log into ym, and try to trick everyone on my friendslist.
- And with my Yahoo account, it can also get into things like Yahoo Wallet. !!
If you get a YM from a friend that is just a URL that send you to a Yahoo login, don't just log in!. Check the URL at the top of your browser first, and be watchful and suspicious. Only give your Yahoo password to a real Yahoo.com URL.