A few months ago I had my Yahoo acct compromised. I’d been phished by an IM virus.
The way this works is that someone you know will send you a link to a web page… typically managed by something major. Like Yahoo.
The only problem is, it’s not Yahoo. It’s a page owned by someone else.
It realllly looks like Yahoo. If you log onto it (thinking it’s Yahoo) the page will come back telling you that the server is down.
In the mean time, the Username/Password is now the possession of the people that put up the web page.
What will happen next is that an automated system will use your Username and Password to log onto Yahoo Messenger. It will promptly log you off and change your password. Next, it will send the same message you received with the Evil URL to people on your friends list.
This is to bait people on your behalf.
Recovering your account is a NIGHTMARE:
See:
4/12/05 I am hacked
The hacking details
4/14/05 Seeking resolution
4/14/05 I go directly to the Yahoo Board of Directors
4/15/05 I win
So.. warning… it’s out there. And good luck to AlSv… That’s the account that has me on the buddy list that’s been compromised sending to me.
OUCH. I have a friend who had a very similar situation happen to him, except worse. He was simply sent a link by a familiar name, and after clicking the link, the page he visited automatically detected his info somehow. I remember getting a message from his name with a link that I clicked on, but I never had my info compromised. I’m thinking this person was targeting him specifically.
Thanks for the warning. I’m not on Yahoo often, but I’ll keep my eyes open! I’m already skeptical enough about every link I click on from anyone… time to tighten security!
I got smacked with that one too. And when I go to visit phishing sites that warn you of scams, they never mention this is a possibility. They need some updates.
It took me about 4 days to get my account back myself, in the meantime I was panicking because my credit card information is in my account! But I don’t think anyone actually read anything in there, it seemed very automated.
Antiphishing
Although you are probably using a Mac, IE 7 (beta is available) has an anti phishing filter. It will tell you if it thinks the website is a phishing website. I don’t know if this is availible for the mac yet.
It seems to be pretty good so far, but the ones I have gone to (on-purpose) were pretty obvious.
This all seems like an excellent series of reasons to never trust Yahoo or deal with them.
I don’t know which browser you use. I use Firefox, and I acquired Spoofstick, a free program that shows you the domain that you’re on. If the domain isn’t kosher, you know it right away. It has saved me from more than a few headaches.
Thanks so much for this info.
But man…what the hell is wrong with people. Are crooks so damn lazy now they want to rip you off without ever leaving their house or speaking to anyone? It seems like if you’re that talented, you should be able to find a decent job.
Although, as I type this and look from you to me, I realize that such is not always the case.