Mark Atwood
Warning! Yahoo Messenger phishing scam. Don't fall for it!
I just came within a twitch of my thumb of falling for a password-collecting phishing attack, and compromising my Yahoo account. I feel dumb, but not really dumb, because I almost fell for it, but didn't quite.

  1. I got a YM IM from a friend, that just had a smiley and a geocities URL.
  2. I went to the URL, and it kicked up a Yahoo login page for Yahoo Pictures. I thought, damn, Yahoo keeps wanting me to log in over and over again.
  3. I filled out the username and password, and had the pointer over the submit button...
  4. When I realized that the URL bar hadn't changed, i.e., I hadn't been redirected to a *.yahoo.com URL, *and* the username hadn't been prefilled, which means that neither the cookies nor the stored password autofiller for Yahoo had recognized the page.
  5. I took the page's HTML apart, and figured out that what it was going to do was email my username and password to some webmail account in a shithole country.
  6. I am guessing that what will happen next is it would take my Yahoo account info, log into YM, and try to trick everyone on my friendslist.
  7. And with my Yahoo account, it can also get into things like Yahoo Wallet. !!

If you get a YM from a friend that is just a URL that sends you to a Yahoo login, don't just log in! Check the URL at the top of your browser first, and be watchful and suspicious. Only give your Yahoo password to a real Yahoo.com URL.
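The two checks from steps 4 and 5 of the post (is the page really on a yahoo.com host, and where does the password form send what you type), as an added Python example that is not part of the original post. The function names, the `.example` hosts and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a look-alike login page hosted off-domain (not real data).
FAKE_URL = "http://geocities.example/photos/login.html"
FAKE_HTML = ('<form method="post" action="mailto:collector@webmail.example">'
             '<input name="login"><input type="password" name="passwd">'
             '<input type="submit" value="Sign In"></form>')

class _PasswordForms(HTMLParser):
    """Record the action of the enclosing <form> for each password input."""
    def __init__(self):
        super().__init__()
        self.actions = []   # one entry per password field found
        self._action = ""   # empty action means "submit to the page itself"

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = ""

def host_in_domain(host, domain):
    """True for the domain itself or a real subdomain, matched on a label boundary."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_login_page(page_url, html, domain="yahoo.com"):
    """Return the reasons not to type a password into this page (empty list if none)."""
    findings = []
    if not host_in_domain(urlsplit(page_url).hostname, domain):
        findings.append("page is not served from " + domain)
    parser = _PasswordForms()
    parser.feed(html)
    parser.close()
    for action in parser.actions:
        target = urlsplit(urljoin(page_url, action))  # resolve relative actions
        if target.scheme == "mailto":
            findings.append("form mails the credentials to an address")
        elif not host_in_domain(target.hostname, domain):
            findings.append("form posts to off-domain host " + str(target.hostname))
    return findings
```

Matching on a label boundary is what rejects hosts such as `yahoo.com.pictures.example`, which contain the trusted name without belonging to it.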
From: jezel Date: November 10th, 2006 02:49 am (UTC)
Thanks for the heads up. The password has been changed and I sent out a warning to my flist.
From: zonereyrie Date: November 10th, 2006 05:38 am (UTC)
AH, yeah, someone I know got burnt by this several weeks ago. They lost access to all their Yahoo stuff. I checked out the page, figured out what it was doing, and then hunted through Yahoo's obtuse FAQs to find the right place to report it to.

But it is so easy to do, the pages just pop up as soon as one is smacked down.
From: neocuriosity Date: November 10th, 2006 05:48 am (UTC)
Oh man, that is SNEAKY.

Nice job. Keep up the good work. Have a great Veteran's Day weekend, and a fabulous time at SQL Camp; roast some marshmallows or something.
From: omnifarious Date: November 18th, 2006 11:08 pm (UTC)

I fell for it. *sigh* I don't keep anything important in my Yahoo account, so no harm was done besides embarrassing me and sending stupid spam to my friends. I changed my password as soon as I got the first message about IM spam and warned all of my friends.
