Victim Of A Yahoo Messenger Phishing Attack

0 comments suggest edit

Fish UPDATE:I am back in business. I have re-obtained control over my Yahoo account. So the IM messages you receive from me are really from me. I won’t make this mistake twice.

Never operate a computer while sleep deprived. In fact, I am starting to think people should be licensed to get on the internet much like you do to drive a car. I am absolutely mortified to admit this, but I got suckered in a phishing attack that occurred via Yahoo Messenger.

I received an IM from a former boss with a link to a geocities photo gallery. When I clicked on the link, it looked just like a Yahoo photo gallery. Thinking (or rather not thinking), “Oh yeah, Yahoo owns Geocities now, right?” I logged in to see the photos. Big mistake. Right then I had the sneaking suspicion that I had done something painfully wrong.

And today, it was confirmed when a friend emailed me to tell me that I got my password jacked. If you see an IM from me or anyone with the link http://www.geocities.com/ladivabev/photos_pics.html (or rather any geocities link) DO NOT CLICK ON IT.

I cannot believe I fell for this. I am usually excellent at spotting and ignoring these, but everybody has their off days. And lately, I have had a string of them. I recently accidentally deleted all my backup data on my external hard-drive. Sleep deprivation is a killer.

And if you receive an IM or Yahoo message from me, please know it is not from me until further notice.

Found a typo or error? Suggest an edit! If accepted, your contribution is listed automatically here.

Comments

avatar

54 responses

  1. Avatar for tod
    tod May 3rd, 2006

    That sucks. Sorry to hear it.

  2. Avatar for Niels Hansen
    Niels Hansen May 3rd, 2006

    So do we get rid of this site? Is there anyway to notify Yahoo of this so others do not fall into this trap. I also wonder how many other geocities pages they have that they are using?
    This is getting really bad and I don't see how its going to get better anytime soon!

  3. Avatar for Niels Hansen
    Niels Hansen May 3rd, 2006

    The anti-Phishing component in IE 7 caught this site as being a suspicious website.
    So maybe there is hope! Now we need to make sure Firefox and Safari include this technology to protect the masses!

  4. Avatar for Joe Brinkman
    Joe Brinkman May 3rd, 2006

    How do we know that it is really you writing this blog?

  5. Avatar for Haacked
    Haacked May 3rd, 2006

    I reported the site to Yahoo. Haven't heard anything from them.
    Here's their email: mailto:phishing-abuse@cc.yahoo-inc.com

  6. Avatar for jayson knight
    jayson knight May 4th, 2006

    I was recently victim to a huge phishing scam with a major online auction site (can't discuss details as the lawsuit is still pending)...several thousand dollars worth of phishing to be exact. I trust absolutely NOTHING on the internet now.

  7. Avatar for Haacked
    Haacked May 4th, 2006

    Joe, good question. How do you know I've ever written any posts on this blog? This is all produced by an automated vbscript.

  8. Avatar for JackAce
    JackAce May 8th, 2006

    What? Don't I get some credit for reporting this to you? How about some love?
    Don't feel bad. I think your IM phish was the fourth one I got this month. Of course, they were from all biz dev types...You were the first tech guy -- you get a cookie!

  9. Avatar for Haacked
    Haacked May 8th, 2006

    Thanks man. I showed some love in my last post. Thanks man!

  10. Avatar for A fellow victim
    A fellow victim July 6th, 2006

    So what did you do to regain control of your account? I think I am suffering from the same thing!

  11. Avatar for Haacked
    Haacked July 6th, 2006

    I contacted Yahoo Customer Care. I had to fax them the information I used when first signing up for the account.

  12. Avatar for y
    y July 12th, 2006

    I did the same thing and went to a geocities site sent to me from someone on my buddy list. I copied and pasted the link into my browser and it stole my password. When I signed up with that yahoo account I used false informatio that I didnt write down. Yahoo customer service is worthless. I have been trying to learn how to hack just to get my own email account back.

  13. Avatar for Niti
    Niti August 2nd, 2006

    Same thing happened to me 2 days back. I opened the link when I just woken up. I have emailed yahoo customer support. I am not sure if they will resolve it. :(

  14. Avatar for xyz
    xyz August 15th, 2006

    Hey I am also suffering from same thing..Please help me getting back my inbox and other contacts.My id is also hacked .Please help me what should I do?? Your help will be greatly appreciated

  15. Avatar for Tweety
    Tweety August 15th, 2006

    I am also a victim along with 10 other friend of mine. Two more links
    -->http://geocities.com/great_...
    -->http://www.geocities.com/pi...
    How long did it take you to get back your account?

  16. Avatar for xyz
    xyz August 15th, 2006

    How did you contact Yahoo Customer Service.Please give me details

  17. Avatar for Haacked
    Haacked August 15th, 2006

    I contacted them via their website. You can go to this link Yahoo Customer Care.

  18. Avatar for Joe Hanink
    Joe Hanink August 17th, 2006

    This happened to me today. I reported the url to US-CERT.GOV for good measure. I also reported it to google at http://www.google.com/safeb...
    Anyway, i found that my yahoo userid and password got sent to staff.yahoo.mail.admin@gmail.com
    via http://www2.fiberbit.net/fo...
    I did whois on this domain and it's registered to someone in Japan.
    I realized that this might be phishing and confirmed it using a network tcp packet sniffer to watch the http traffic. I changed my password immediately, so I should be ok.
    Note that IE7 and Firefox 2 will have anti-phishing measures.
    Joe Hanink

  19. Avatar for Hina
    Hina August 22nd, 2006

    My account got hacked too. I received this link a geocities from a relative 2 - 3 weeks back saying yahoo owns geocities now and view my photographs.. i logged into it to view the photos.. the id got hacked on aug/19/2006.
    i lost my id and it is not verifying my personal information :(
    can anyoone help me in retrieving my password? :-(
    -Hina

  20. Avatar for ~KIDD~
    ~KIDD~ August 28th, 2006

    I just got nailed today and now I cannot get my ID, Mail or anything else to work. I've contacted yahoo customer care, but have not heard anything back yet. How do I get my Id back? I need some serious help here!!
    ~KIDD~

  21. Avatar for steve moore
    steve moore August 30th, 2006

    On August 18, 2006 I became a victim of a phishing scam through my yahoo messenger. I have call yahoo at there customer support # which is 866 562 7219 which I just get referred back to emailing yahoo security which is
    account-security-help@cc.yahoo-inc.com
    which I have sent over 30 emails asking for help. The sad thing of this matter is the hacker change all aspects of my account information, my zip code don't match what yahoo has on record now. The secret question they ask for I don't recall. So to make a long story short I loss pictures I had stored of my children, family, friends and several contacts that I only had stored there. Yahoo has been NO help at all to me. So I guess the phishing hacker won this battle with the help of yahoo customer service if any one reads this with a similar experience that finally got there account back please let me know I'll be back checking this site... Thanks for letting me Vent...Steve

  22. Avatar for JD
    JD September 5th, 2006

    Same happen to me has anyone here, got their account back yet? Trying to determine how long it will take to get your account back, if you can at all.

  23. Avatar for vish
    vish September 10th, 2006

    - and so i join the esteemed club of those snookered by the geocities phishing scam. my old account is still active, but i cannot access it because, as you all know, the personal information and security questions have been changed by the interloper. - yahoo was indeed useless to me, but it isnt really their fault. - i have pretty much given up on ever getting my old id back, but i am curious; does anyone know who these people are, what they are looking for and 'why' my account would still be active months after being hacked? - (i remain open to suggestions for retrieving my old id.) - good luck to all sabatoged.
    - die phisher scum.

  24. Avatar for susan
    susan September 16th, 2006

    I clicked on a link from a friend, and it said yahoo pictures so stupid me put in my yahoo name and password and someone hijacked my account. I know some of my friends on messenger got the link from me but I didn't send it. I guess it sent after I clicked it and they lost their yahoo accounts too. If you did have this happen you need to email yahoo at this email addres.
    account-security-help@cc.yahoo-inc.com
    I got this email from the support guy at yahoo. The phone number there is 1-866-562-7219. It took me forever to find this number so write it down for safe keeping. If you email them about your account being stolen, in the subject just type your yahoo id and then in the body explain what happened. They will email you back an auto response and you fill it in and email it back. I guess I forgot my security question or something and they emailed me back and told me to fax them my state id. I did this and a few days later they emailed me and I had my account back. It took me about a week to get this done. Hope this helps anyone out there.

  25. Avatar for susan
    susan September 16th, 2006

    This may help. I forgot I still had this. This was my final step in getting back my ID. It worked for me. Good Luck.
    Hello Susan,
    Thank you for writing to Yahoo! Account Security.
    We apologize for the miscommunication that contributed to this
    confusion.
    In order to assist you with the account in question, we ask that you
    provide the answers to all of the questions below. Yahoo! keeps
    detailed records of the information you provided during the registration
    of your account. Without an *exact* match we will be unable to assist
    you with your account. Fax or send via regular postal mail the
    information listed below. (We are sorry for the inconvenience, but in
    order to provide proper security for our member accounts, these steps
    are necessary.) Please send us all of the following:
    * Your name
    * An email address where we can contact you -- at this time we are only
    able to reply via email.
    * Copy of a state/government issued photo ID (please copy on the
    lightest setting of your copier).
    * Yahoo! ID
    * Permission for Yahoo! to enter your account
    * Birthdate on the account
    * ZIP code and country
    * Your alternate email address
    Please fax the information to:
    (503) 615-3883
    Attn: CC Account Security Team
    or mail it to:
    Yahoo!
    attn: Customer Care/Account Security
    701 First Avenue
    Sunnyvale, CA 94089-1019
    For security reasons, if you are unable to supply us with the correct
    information in your next request, we will not be able to offer
    assistance with this account.

  26. Avatar for Scott St
    Scott St September 18th, 2006

    The latest scam is to send links to Geocities sites that appear to have amusing or sexual content, i.e. www.geocities.com/blondybab..., www.geocities.com/spermbank..., and www.geocities.com/eat_my_ch.... After being tricked into logging on, you are either directed to a Geocities web site that has the type of content you expect, or else the "build your own website" generic Geocities page.
    I did not ever lose control of my account, the hijacker seemed to only use my IM to send out more links to other users. But I do not use Yahoo! Wallet (for precisely this reason) and use this account only for social email and chat - so there was not really anything else useful the hackers could get from me besides a possible way into more profitable accounts.

  27. Avatar for oktobre
    oktobre September 23rd, 2006

    I too have recently received an IM suggesting there were new photos at a geocities site from one of my Yahoo! Messenger friends. Not really thinking about it, I clicked. I have my settings so that I am always already signed into Yahoo! sites when I click from a messenger window so was never asked for my ID and password...I simply was brought to an error page. I sent an offline to my friend saying I wasn't able to see her pictures and she eventually IMed back saying she never sent that IM to me. :o Yikes! Well, I don't believe I have at any point so far lost control of my Yahoo! account, but as a precaution, I did change my password.

  28. Avatar for Tejash
    Tejash October 4th, 2006

    thanks this is really useful ... Since I was also victim of that.

  29. Avatar for wota
    wota October 5th, 2006

    Just had a similar (lucky) escape. Received an IM from a buddy, who's obviously fallen for this phish to "visit this really cool site" clicked on the link:
    http://www.geocities.com/nk...
    and was shown a geocities 360 beta log in page. Logged in and sussed it straight away and changed my password immediately. I almost got suckered though because it was from someone I knew.

  30. Avatar for Amy
    Amy October 9th, 2006

    I too fell for this scam. I thought, gee, I guess 'profile-surfers' got tired of me blocking them and reporting them as spam and they finally reported me. I too go to the 'yahoo website' and put in my info and BAM, there it all went wrong.
    Anyway, all of you know what happened after that. I emailed Yahoo on Monday morning around 9 a.m. I got an email telling me how to change my password. I told them I already did that. They emailed me and asked for my secret answer. I told them that since I started this ID 10 years ago, I can't remember what the question was! I got another email telling me how to change my password. This went on for 3 days or so. On Friday A.M., I got another email telling me what my Security Question was, so I emailed back the answer. FINALLY, Friday afternoon around 4, my password was changed back and MY YAHOO IS BACK!!!!
    So, the moral of this story? PERSISTANCE PAYS OFF!!!! Good luck for everyone who is still trying to get their ID back!

  31. Avatar for trying to get yahoo account ba
    trying to get yahoo account ba October 16th, 2006

    hi all, i just got phished sunday morning after clicking on a link saying that i would find my pictures being used there. well, low and behold i couldnt enter my account after being kicked off of it. it keeps saying invalid. i emailed yahoo several times and i even called customer care in which they referred me to this email in which i send them all my original registration information.
    now im waiting for a response from the email in hopes of getting my yahoo account back. how can i remember the secret question if when i request my password, my zip code was changed? this is a job in itself!! the information provided on this sited is pretty useful, thanks alot guys. and good luck to all in pursuit of getting your accounts back.

  32. Avatar for Kevin
    Kevin October 22nd, 2006

    I wonder about one thing, you are saying its your friend's or bosses or relatives on your yahoo buddy list , so they are the hackers or some one who hacked their accounts sending these URLS ?
    Kevin

  33. Avatar for Haacked
    Haacked October 22nd, 2006

    Someone who hacked their accounts was sending these URLs. Most likely an automated script.

  34. Avatar for Rohit
    Rohit October 28th, 2006

    Now that we all know that our account has been hacked and being misused, Yahoo should help us in getting our account back with any proof we have that proves our ownership of account. If they will ask predefined questions like date of birth, pin code etc etc and insist on their exact match, they are doing nothing but help the hackers.

  35. Avatar for Rey
    Rey October 29th, 2006

    I got victimized by this phising this morning when I carelessly clicked on a link on an offline message from a relative (there are more than 10 of them listed). When an empty IE window opened I immediately remebered about this scam and I opened another IE window to log in to my yahoo Inbox and lo! I got the wrong password error three times I tried. Got back to IM immediately, clicked on the email icon below for my Inbox, a prompt that asked if I want to log automatically came up, I chosed yes and then I got to my Inbox with relief and immediately changed my password, saved!!!

  36. Avatar for Leah
    Leah October 30th, 2006

    I got tricked into this one too, and I am usually so careful!
    I would like to know to, what's a hacker want with my yahoo info? I mean, what's the point of this scam?

  37. Avatar for Joshua
    Joshua November 5th, 2006

    >> http://www.geocities.com/pi...
    This is the link I got from my friend on friday, and saturday, everybody on my buddylist got an offline message from me with a somewhat similar link. Then I figured I got tricked. One of my friends who got the link suggested me to change my password. Maybe the hackers are trying to get credit information or such from our accounts. Who knows, I changed the password immediately. I am not sure if they will be able to continue what they intended. I am sorry for the friends who got the link from my account... Hope nobody gets tricked.

  38. Avatar for musclethong2003
    musclethong2003 November 5th, 2006

    My turn.
    As of this morning, 11/06/06 I lost the ability to sign into my Yahoo messenger and e-mail .
    About three or four weeks ago, someone on my Yahoo messenger sent me and instant message, saying to check out a profile on geocities. I assumed it was a friend of hers.
    I clicked on the link. What appeared as a geocities sign in page appeared. I put in my username and password. I got the response "web site busy, check back later".
    I wrote customer care this morning because I can't remember all my original info since i moved several times.
    Told them to either cancel the account completely or help me with a new password.
    Oh well.

  39. Avatar for Slovensko
    Slovensko November 12th, 2006

    From a friend of mine, a heartwarming tail xD
    >>>
    Just wanted to let you know, I almost fell victim to the same thing. A friend of mine who had a certain sense of humor had her account hijacked, and sent me a message in much the same fashion. Timeline:
    1. Attempted login at the phishing site the first time, used wrong password.
    2. Wondered why I didn't get logged in. Tried again with real password.
    3. Now really wondered why I didn't get logged in. Then recalled that the form data sent the stuff to some third party site, and that Yahoo Photos wasn't on Geocities.
    4. Hit back, viewed source code of page, noticed form was being sent to third party unsecure mailer cgi. Resent username and password, with password as "Fuck you".
    5. Found password changer on yahoo site, changed password twice, just in case a bot was able to login and survive one password change. (You never know)
    6. Thirty minutes later, sent off 20,000 faulty username/password combinations through same mailer to the gmail account of the phisher.
    7. Switched to random interval mailings of the same thing, so that they blend in with stolen real username/password combinations. (To date: several days)
    8. As a result, received buddy list request from someone named "Fucking_stop_emailing"
    Just wanted to share with you all

  40. Avatar for ViC
    ViC November 12th, 2006

    Keep sending - don't stop!!!
    ==
    Mine and my wife's ID has been stolen a week ago.. the same link-from-body scam. Talked to Yahoo customer (don't) care and got into a vicious circle - can't provide alternate address, because phisher has already changed it... therefore can't get back my account. Asked them to delete my account and they keep asking me for the password. How do I get a new password? By alternate email address, of course! Dumb operators.
    Talked to a supervisor but she kept asking me the same question - the alternate email address!!! What a stupid situation? Is there a way to TALK to somebody there who has brain? There are so many ways to verify an identity.
    If I would intend to "steal" somebody's email address, would I call Yahoo's customer service at all?

  41. Avatar for musclethong2003
    musclethong2003 November 12th, 2006

    A follow up report. I called Yahoo customer service yesterday morning. Surprisingly, I had very little problem getting through.
    Long story short: The only thing Yahoo can do for you is what you can already do for yourself.
    If you click on the LOST PASSWORD link, there is a form to enter your date of birth, zip code, username.
    Now, supposedly, it's supposed to be based on your ORIGINAL zip code when you first signed up. This says to me that even if the hacker changed the zip code after stealing the account, Yahoo's database should have a record of the original zip code on file.
    Unfortunately, I cannot backtrack far enough to figure out which zip code it was. So again, they can't help me.
    So once again: The only thing Yahoo can do for you is what you can already do for yourself. They are basically no help at all.
    Fortunately (like Scott St above 09/19/06) I only used the account for anonymous social networking and chat. No credit cards were associated with the account.
    Obviously the hackers are using the account to send out the false geocities sign in pages to more people; but to what end?
    KEEP POSTING PEOPLE...THIS IS A HOT TOPIC

  42. Avatar for Victim of a prank
    Victim of a prank November 16th, 2006

    I was also a victim of this incredible prank.
    My screen name was used to IM to all my friends and family, including my 13 yr old niece.
    I was really upset, thanks to the Lord she was not able to enter the site.
    It is unreal that Yahoo can't do nothing to help us in this matter.
    I talked to Latoya, a Yahoo customer rep., and she said the only thing I could do was change my password weekly. By doing that it would be more difficult to the jacker to get access to my account or any other account.
    And today, it was confirmed when a friend emailed me to tell me that she also got jacked.
    If you see an IM from me or anyone with the link http://www.geocities.com/la... (or rather any geocities link) DO NOT CLICK ON IT.

  43. Avatar for musclethong2003
    musclethong2003 November 17th, 2006

    SUCCESS!
    I managed to "hack" my way back in this morning.
    I am laughing at myself for putting in information that was so misleading even I couldn't remember it. (I didn't want my exact birthday since someone could combine that with some other account information). I had to guess what I was thinking at the time.
    My suggestion is this:
    Click on "Forget your ID or Password"
    Write down every zip code you've lived at since you created that Yahoo username.
    Put in your birthday and username
    When you get that much it gives you a security question you put in. After that it gives you a new password to use on the screen.
    Some things to note:
    The hacker didn't open a single e-mail. They were all unread. Even the e-mail confirming the hacker's password change was unread. I can't figure out the purpose of this "scam" if you can even call it that.
    The hacker didn't go into any of the Yahoo services I was using, like Photos or Groups, for instance.
    What a sigh of relief that i got control of my account back.
    Good luck!

  44. Avatar for Dog
    Dog November 21st, 2006

    Is this where all the crying goes on or does it help with info and actions? Cause i dont see any info on what to do. But then again i spose' thats typical.

  45. Avatar for Angel
    Angel November 26th, 2006

    My name has been hacked into also! I cannot find out anything. They changed my password and all of my information! Please help!!!

  46. Avatar for ether
    ether November 30th, 2006

    hey for the people who got there password back do you have any info on what the hacker changed the password too?
    this may help us all cause im pretty sure this dude is not changeing all the passwords with diffrent names he will be useing the same password for all his little stoleing acounts?

  47. Avatar for Ex-victim of this phishing
    Ex-victim of this phishing December 1st, 2006

    EITHER:
    1. Call Yahoo customer service - 1-866-562-7219
    OR:
    2. Or click on the link on the e-mail log on page, "Forgot your ID or Password?", and fill out the info: Birthdate, Zip Code, Country, letter from the security image, and your Yahoo ID. If this information matches the info in Yahoo's database, the next screen will be a security question that you orginally used like favorite pet or mother's maiden name(you probably forgot you ever did that).
    As was mentioned earlier, when I regained control of my account, I went straight to the e-mail where I had about 150 unopened e-mails. Nothing was tampered with. It's almost as if the goal of this Phishing scam is not to get personal information but to cause inconvenience.
    I highly, highly, doubt that this is one "dude" using the same password. This is something that's replicating itself to happen to so many users.

  48. Avatar for Helen
    Helen February 4th, 2007

    someone got into my yahoo account and changed my account info and password so i couldn't recover my password or anything.
    I emailed yahoo constantly but never got anywhere as they kept asking for account info which the hacker had changed.
    Eventually I phone yahoo customer services in the UK (0870 3522000). They asked me for my brithdate and then got me to give them a list of people's addresses in my address book to confirm it was catually my account.
    I've now got my account back!

  49. Avatar for Cece
    Cece February 14th, 2007

    I just got off the phone with Chester at Yahoo! customer care and he took care of the problem. I am now able to access my account!
    I have changed my password, and will probably change it at least weekly.
    Probably the best time to call the folks is around 3pm pacific time. I called at around 5:48 pm eastern time.
    I hope this gives someone hope!!
    C.

  50. Avatar for ~ Smaic ~
    ~ Smaic ~ July 17th, 2007

    to be are not to be......

  51. Avatar for n8
    n8 August 3rd, 2007

    this attack is still going around, as I fell for it a few days ago in the exact same way. :-P
    I just faxed off the info to Yahoo! Customer Care...
    n8

  52. Avatar for Dave
    Dave August 4th, 2007

    I haven't a clue how or when my yahoo id was stolen. I didn't check it all that often. But when I went to do my check in it told me my password was wrong. So I wasn't sure if they had sut down my email address or not. So I sent a few emails to my old address and they went through which tells me my old address is still up and running. I've been in contact with Yahoo for awhile now and nothing concrete yet.

  53. Avatar for Dave
    Dave August 6th, 2007

    Well I got it back today but it seems it was all for nothing as I had 0 mail items now in my account. Oh well at least I don't have to worry about someone mis using my account.

  54. Avatar for sherry
    sherry August 15th, 2007

    someone stoled my friends name i want to get it back how do i?