Hook, Line, Sinker (How I fell for a phishing scam) (Project 365 Day 314)

Today I fell for a phishing scam. :( A friend of mine sends me a link via Yahoo IM asking me to check out some geocities link. I click on it, and I get a Yahoo 360 sign-in page. "Strange that you'd need to sign in to see a geocities page, but Yahoo does own geocities, and I haven't been there in a while," I think.

So I put in my username/password and just get a Yahoo 360 homepage. Weird. I IM my friend to ask what the deal is, but he doesn't reply. I'm in the middle of working, so I quickly get distracted by other duties and don't think about it much.

A while later, I get a reply from my friend, along the lines of, "Huh?" Turns out he never sent me the link! "Crap!" I think. "I'm a doofus! I just fell for a phishing scam!" My friend had gotten the same link from one of HIS friends, and so I bet the bad guys have a program that recorded his password when he typed it into that bogus page, then logged in to his Yahoo IM account and spammed it to everyone on his buddy list.

It's quite insidious, because you're tempted to trust links your friends send you, and because this doesn't require any spyware on your computer; it's all done over the web.

So again, people, don't be an idiot like me. Think twice before putting your password in a page that asks for it!

Oh, and needless to say, I immediately reported the page to Yahoo (and it's been taken down now), changed my Yahoo password, and then changed the password in the various other places I use that same password, just in case. I also emailed everyone in my Yahoo IM buddy list to warn them, just in case my account sent them the bogus URL, too. Pain in the ass.

Comments (3)

Ooh, that's bad. Looks like not a lot was compromised, though. Still, good of you to post this. We all run into the consequences of our own silly behaviour sometimes, but it's really helpful if we share this. Not just shut up because it would seem embarrassing.

I just got a similar link today. It's a good thing I read your blog. Thanks for posting it!

Make sure you inform the friend you got the IM from that they're infected, and that they should change their Yahoo password!


About

This page contains a single entry from the blog posted on August 30, 2007.
