Phishing in Yahoo! Geocities?

Van Cutter Romney asks: "I've received a lot of phishing IMs on my Yahoo! Messenger from contacts whose accounts I guess have been hacked into. All the phishing messages lead to Geocities websites like this where the user is displayed a Yahoo! login page. For most people, the page looks legitimate and they enter their Yahoo! username and password (I was nearly fooled once). Since both the website (Geocities) and the messenger belong to Yahoo!, I'd like to know if they are doing to anything to counter these attacks."

Slashdot asks Van Cutter Romney

Did you report it to Yahoo!? Or just Slashdot?

Re:Slashdot asks Van Cutter Romney

[L7_]

check the bottom of this page: http://privacy.yahoo.com/privacy/us/security/detai ls.html

something to do

[ianpatt]

For those of you who are bored, you could try to get any of the addresses listed in the web form taken down.

<FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
<INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="havinfunfun@gmail.com">
<INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">

I'm sure google would have a fun time going after whoever referred havinfunfun@gmail.com.

I knew there was something strange going on...

[walnutmon]

When I was asked for my username, password, and sexual orientation...

Re:I knew there was something strange going on...

[StikyPad]

When they came for the usernames,
I remained silent;
I was not a username.

When they locked up the passwords,
I remained silent;
I was not a password.

When they came for people with sexual orientation,
I did not speak out;
Because I have no idea what that means.

When they came for me,
there was no one left to speak out.

I logged in...

and I didn't see anything.

What gives?

Someone's asleep at the wheel.

And yet the worst fishing site on geocities is still up-- since something like 1998? Someone's asleep at the wheel.

Ummm

[Otter]

Since both the website (Geocities) and the messenger belong to Yahoo!, I'd like to know if they are doing to anything to counter these attacks.

Maybe I'm missing something, but why the hell are you asking us?

Terms of service

[Spy+der+Mann]

report the webpage and you're done.

Geocities is a kinda abandoned place (So much that webcomics make fun of it). There's no customer service, everything's automated there. The only thing that (I hope) isn't, is the "report offensive page" etc. The only change done to it was aesthetic and in the code. But the infrastructure remains.

In other words, geocities servers do NOT have personnel searching and identifying phishing sites on them. They have to rely on the users.

(This and popup ads led to the fall of free homepages. Most pages now are categorized in specialized sites: webcomics, blogs, art, fiction, and with youtube, videos).

This was bound to happen sooner or later. Yahoo neglected geocities, is it a mystery that it became a meeting point for illegal activities?

yes, we are

While I work for Yahoo! I do not speak for them officially. I do not work on any of the products mentioned.

We do have teams of people who work to fight any abuse of any of our products. When sites like those are found, they are taken down.

Please report any instances of situations like those you described to:

http://abuse.yahoo.com/ or abuse@yahoo-inc.com