Home › Forums › Archives › Instant Messaging › Yahoo! Messenger Support › Yahoo account stolen via webpage & IM
- This topic has 27 replies, 18 voices, and was last updated 17 years, 6 months ago by No-Way.
-
AuthorPosts
-
December 8, 2004 at 12:57 am #15215cozmikMember
Anyone else get thier accounts hacked lately. My password was changed after I click a link in an IM sent by one of my online buddies. (thier account was stolen for the same purpose).
The message I got was this:
“ok everyone. if you get the time check this out. and sorry for the mass http://www.geocities.com/xll0o_sweet_gal_o0 Im off goodnight all”
The account I lost is: robert_raught @yahoo.com
I left part of the URL out because I didn’t want anyone clicking the above link and then losing thier account too.. If you want the complete URL, let me know.
Anyway… I tried doing the password retrieval and to no avail..I currently have a support ticket open with yahoo, so maybe that help get my account back.
I was hoping someone from this forum has had the same issue and maybe knows what to do or maybe knows what the password was changed to (if you could reverse engineer the software that stole my account and then changed the pass.. you could probably find out what the pass was changed to? maybe?)
– Robert Raught
December 8, 2004 at 4:50 am #107959Jeff HesterKeymasterQuote:quote:Originally posted by cozmikAnyone else get thier accounts hacked lately. My password was changed after I click a link in an IM sent by one of my online buddies. (thier account was stolen for the same purpose).
The message I got was this:
“ok everyone. if you get the time check this out. and sorry for the mass http://www.geocities.com/xll0o_sweet_gal_o0 Im off goodnight all”
The account I lost is: robert_raught @yahoo.com
I left part of the URL out because I didn’t want anyone clicking the above link and then losing thier account too.. If you want the complete URL, let me know.
Anyway… I tried doing the password retrieval and to no avail..I currently have a support ticket open with yahoo, so maybe that help get my account back.
I was hoping someone from this forum has had the same issue and maybe knows what to do or maybe knows what the password was changed to (if you could reverse engineer the software that stole my account and then changed the pass.. you could probably find out what the pass was changed to? maybe?)
– Robert Raught
Yeah, seems like yet another phishing attack on Yahoo! Messenger users. You’ll be happy to know you join thousands of other users who have lost an account this year due to phishing and the problem of Yahoo! Messenger security team not doing enough in my eyes to protect its users from malicious links and webpages, broadcast on Yahoo!s IM client network.
December 8, 2004 at 7:37 am #107972kron_19792000MemberI am not sure if you can lose a yahoo account by just clicking on a link. The complete link would be helpful. Did you have to enter your password any where to check the page?
December 8, 2004 at 9:37 am #107974cozmikMemberI know it sounds odd, but no I didn’t have to enter my password or anything.. I know 3 friends that lost thier accounts very shortly after clicking the same link..
In fact!, shortly after my account was hacked all the friends on my list got the same mass message and it was from me! And then the next day when I was at a friends house I noticed myself log on.. and what made me realize that this was not a single person hacking my account is the fact that not only did I log on at that time but 3 other people logged on at the exact same time and it turns out that they had been hacked too and lost thier accounts.. then 5 minutes later all 4 hacked accounts logged out simultaneously.
Here, I’ll just split the URL in half so noone accidentally clicks it.
Please be very careful… do not lose your account.http://www.geocities.com/xll0o_sweet
_gal_o0llx/
DISCLAIMER!!! The above URL may steal your yahoo account. I am only posting it here for help. Do not click it if you do not know what you are doing. I cannot be held responsible.
Thanks again, appreciate any help anyone can offer. I have important information in this account.
December 8, 2004 at 11:00 am #107967d4rkn3ssMemberafter you clicked the link.. what were you presented with? I received a ” you are not authorised to view this page” so far.. my account is fine..
December 8, 2004 at 5:26 pm #107968aneagleParticipantWhen you are running Y!m and the preferences are set the way which allows you to just make one click to go directly to your yahoo account, a key is temporary stored in your computer for this. By clicking that link you may activate a hidden script that looks for the key and gains access to your account.
Malicious link sent in this case is without action and intention from the owner of the sending computer, precaution may be taken by asking the sender some questions to make sure he or she is sending the link and knows about it before you click the link.
December 8, 2004 at 8:47 pm #107975cozmikMemberOK thanks aneagle…. so from what you are saying… clicking the link from this forum would do nothing.. but if the link was sent via Y!M, then it would be potientally dangerous… and that is why d4rkn3ss is not having an issue with his account.
December 9, 2004 at 5:41 am #107960Jeff HesterKeymasterrunning the said URL thru a URL digger ( looking at source without opening the web page) as can be seen produces –
Sorry, the URL you entered (http://www.geocities.com/xll0o_sweet_gal_o0llx/) is invalid and cannot be found.
You can also check this yourself by entering the URL at http://sniptools.com/urlDig?
December 9, 2004 at 6:32 am #107973BuddhaSmileMemberOnce Yahoo is aware of pages like that, they are usually closed immediately, so I am not surprised the page is giving an invalid message. It is not the first nor will it be the last.
You are taking risks when you click links that you see in PM, or in chat. Losing a passoword is bad enough, but you can also get trojans (like Aplore) and spyware that causes all sorts of chaos.
Chat smart, don’t click a link until you know what it is, or why someone posted it!
December 9, 2004 at 6:31 pm #107976DermotParticipantYou should Never login to Yahoo on a geocities sub domain site.
Only page you need to login to geocities is http://www.geocities.com
Never login to a yahoo login site that has geocities ads hanging from the top of it.
Report any sites with fake login pages to [email protected]
They will be removed.
December 9, 2004 at 10:39 pm #107970SS_AntiHackerMemberUhm…too bad the page is gone. It would be nice if I can analyze it. But by the looks of it, probably taking advantaged of I.E’s exploits.
December 9, 2004 at 11:08 pm #107963NettiMemberHmmm Ok Second time today, that I have to agree with Dermot, but then to add something to it.
NEVER CLICK ON A LINK THAT SOMEONE SENDS YOU THRU YAHOO MESSENGER!!
You want to check out the link, then log out of messenger, all together, cut and paste it, and then go to the site…
It’s a great way to grab your IP, and your name and then just crack it.
Clicking on a link that was sent in a chat room, or in an IM is kind of like receiving an .exe file in your email, and opening it and installing it on your hard drive.
December 9, 2004 at 11:25 pm #107977DermotParticipantIts not even exploits these sites use.
what they do is copy source code from a legit yahoo login page..img urls and all…but add a second destination from the submit button so the id and password would be sent to a e-mail address…preferably the e-mail of the geocities subdomain id in yahoo!.
Then as any submit button u can choose an action after which the process has taken place and this usually is to open a new webpage and the user just picks a porn/webblog page to their choosing ..and you swear u just logged in legit…but in true fact you were just robbed of your yahoo account.
Having a few Yahoo! “illegal” id’s I get people trying those links all the time on me….so I checked the source of them more than once and reported them with sucess from geocities replying and the site been taken down.
December 10, 2004 at 1:33 am #107971SS_AntiHackerMemberI see…that was my guess because I didn’t get a chance to see the page itself as well as the user describing that their password was stolen by just clicking on the link.
December 10, 2004 at 3:39 am #107961Jeff HesterKeymasterQuote:quote:Originally posted by DermotIts not even exploits these sites use.
what they do is copy source code from a legit yahoo login page..img urls and all…but add a second destination from the submit button so the id and password would be sent to a e-mail address…preferably the e-mail of the geocities subdomain id in yahoo!.
Then as any submit button u can choose an action after which the process has taken place and this usually is to open a new webpage and the user just picks a porn/webblog page to their choosing ..and you swear u just logged in legit…but in true fact you were just robbed of your yahoo account.
Having a few Yahoo! “illegal” id’s I get people trying those links all the time on me….so I checked the source of them more than once and reported them with sucess from geocities replying and the site been taken down.
While what youre saying -is- true, its not as always as clear cut as that. While beginner newbies will just copy and past the document source code from a legitimate Yahoo! site. Often malicious users will modify the source code to meet the needs of the phisher. Malicious Phishers take part in all sorts of different techniques to make the humble Yahoo! user into thinking they are visiting a legit Yahoo! site. Add-ons from the original Yahoo! script kiddie fake-login Phish attempt can be infact based on Windows and IE flaws. For instance, a malcious phisher can use a IE based URL spoof exploit to add any URL into the address bar of Internet explorer, while using legitimate copied Yahoo! source code.
-
AuthorPosts
- You must be logged in to reply to this topic.