Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishing in Yahoo! Geocities?

Posted by ryuzaki0 on from the what-can-you-do dept.

Van Cutter Romney asks: "I've received a lot of phishing IMs on my Yahoo! Messenger from contacts whose accounts I guess have been hacked into. All the phishing messages lead to Geocities websites like this where the user is displayed a Yahoo! login page. For most people, the page looks legitimate and they enter their Yahoo! username and password (I was nearly fooled once). Since both the website (Geocities) and the messenger belong to Yahoo!, I'd like to know if they are doing to anything to counter these attacks."

6 of 54 comments (clear)

  1. Re:Slashdot asks Van Cutter Romney by L7_ · · Score: 4, Informative

    check the bottom of this page: http://privacy.yahoo.com/privacy/us/security/detai ls.html

  2. Terms of service by Spy+der+Mann · · Score: 4, Informative

    report the webpage and you're done.

    Geocities is a kinda abandoned place (So much that webcomics make fun of it). There's no customer service, everything's automated there. The only thing that (I hope) isn't, is the "report offensive page" etc. The only change done to it was aesthetic and in the code. But the infrastructure remains.

    In other words, geocities servers do NOT have personnel searching and identifying phishing sites on them. They have to rely on the users.

    (This and popup ads led to the fall of free homepages. Most pages now are categorized in specialized sites: webcomics, blogs, art, fiction, and with youtube, videos).

    This was bound to happen sooner or later. Yahoo neglected geocities, is it a mystery that it became a meeting point for illegal activities?

  3. Address to report it to by Anonymous Coward · · Score: 2, Informative

    http://add.yahoo.com/fast/help/geo/cgi_abuse

  4. yes, we are by Anonymous Coward · · Score: 3, Informative

    While I work for Yahoo! I do not speak for them officially. I do not work on any of the products mentioned.

    We do have teams of people who work to fight any abuse of any of our products. When sites like those are found, they are taken down.

    Please report any instances of situations like those you described to:

    http://abuse.yahoo.com/ or abuse@yahoo-inc.com

  5. Oh, C'mon!!!... by BlueStrat · · Score: 2, Informative

    Who *doesn't* know that Yahoo/Geocities is a major phishing/script-kiddie resource and host?? This isn't news to anyone who has experience chatting in Yahoo chatrooms.

    There are script-kiddies and S/N stealers that constantly use geocities pages to host everything from phishing pages to outright trojan .exe files, disguised as videos or whatever, that they spam links to in yahoo chatrooms with, in an almost constant barrage.

    There is a subgroup of huge-egoed "1337" yahoo chatters that deal in stolen screen names and "illegal" or "illy" names in trade for other names, or straight cash.

    Yahoo seems to pay no attention whatsoever to their abuse reporting system. I've reported a geocities page hosting a trojan multiple times, and the site remained up for over a year, with the same trojan .exe file.

    One of the biggest things driving this subgroup of crackers and script-kiddies are the chat-bot spammers, who buy lists of stolen screen-names/accounts on which to log-on their spam/porn bots. There is an entire underground economy of stolen accounts/screen-names much larger and much older than any of the MMORPG gold trader/seller economies that have gotten so much press of late.

    I think Yahoo, despite all of their denials, are in bed with the spam/porn-bot operators, and turn a blind eye, even protecting them. I know people who chat on Yahoo that run "booter" programs that will kick/flood a chatter out of a room, even completely disconnect someone from Yahoo. They regularly boot normal chatters with impunity, but fear to boot "porn/spam-bots", as Yahoo will quickly shut down the booters' "bot" account(s) (most 'booter' programs utilise 'bots' to send their disconnect packets/IM floods/etc) and even ban the booter-operators' account and block that IP address.

    If I were this fellow, I'd consider myself lucky that the only thing he got from a geocities webpage was a phishing page, as opposed to a virus or trojan with much more serious and far-reaching consequences than having a Yahoo screen-name/account cracked or stolen.

    Cheers!

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  6. Re:Been there, done that. by antdude · · Score: 2, Informative

    One more thing... Y! did recover my buddies' accounts that remembered their sign up information.

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).