Today I fell for a phishing scam. :( A friend of mine sends me a link via Yahoo IM asking me to check out some geocities link. I click on it, and I get a Yahoo 360 sign-in page. "Strange that you'd need to sign in to see a geocities page, but Yahoo does own geocities, and I haven't been there in a while," I think.
So I put in my username/password and just get a Yahoo 360 homepage. Weird. I IM my friend to ask what the deal is, but he doesn't reply. I'm in the middle of working, so I quickly get distracted by other duties and don't think about it much.
A while later, I get a reply from my friend, along the lines of, "Huh?" Turns out he never sent me the link! "Crap!" I think. "I'm a doofus! I just fell for a phishing scam!" My friend had gotten the same link from one of HIS friends, and so I bet the bad guys have a program that recorded his password when he typed it into that bogus page, then logged in to his Yahoo IM account and spammed it to everyone on his buddy list.
It's quite insidious, because you're tempted to trust links your friends send you, and because this doesn't require any spyware on your computer; it's all done over the web.
So again, people, don't be an idiot like me. Think twice before putting your password in a page that asks for it!
Oh, and needless to say, I immediately reported the page to Yahoo (and it's been taken down now), changed my Yahoo password, and then changed the password in the various other places I use that same password, just in case. I also emailed everyone in my Yahoo IM buddy list to warn them, just in case my account sent them the bogus URL, too. Pain in the ass.

Comments (3)
Ooh, that's bad. Looks like not a lot was compromised, though. Still, good of you to post this. We all run into the consequences of our own silly behaviour sometimes, but it's really helpful if we share this. Not just shut up because it would seem embarrassing.
Posted by Nils | September 2, 2007
I just got a similar link today. It's a good thing I read your blog. Thanks for posting it!
Posted by Ted | September 6, 2007
Make sure you inform the friend you got the IM from that they're infected, and that they should change their Yahoo password!
Posted by ToastyKen | September 6, 2007