09-19-2008, 01:53 PM
|
#1 (permalink)
| | TheBest.com
Name: George Kirikos Last Online: Today 01:22 PM Join Date: May 2002
Posts: 2,145
DNF$: 1,670 Location: Toronto, Canada
Country: | Possible Scam to Steal Yahoo Credentials?
I received an email from someone earlier today looking to buy a high value domain, received to my Yahoo address.
Since he was using a Hotmail email address, a name that did not match the Hotmail username, and had a Turkish IP address, I sent back my standard "fax me a letter" response, given the guy is likely very unqualified, but using my corporate email address.
The guy writes back that "he doesn't understand", but then includes a HTML link. And he replied back to my Yahoo address, instead of my corporate email address.
It seemed fishy to me, so I loaded up a VMWare virtual machine using a non-standard operating system, and loaded up the page -- it was blank. I loaded up another program to view the source code of that page, without loading it in a normal browser, and there was a lot of encrypted Javascript, but nothing else.
I figure it might be an attempt to hijack passwords, or something, so folks might be on the lookout for clicking on links like that. When I googled the username in the Hotmail account, I noticed some reference to the username in some foreign language forum (one that Google doesn't translate, i.e. Turkish), but it referred to XSS and Yahoo (XSS = cross site scripting, a type of security issue), which increases the odds that the email is malevolent.
In conclusion, be wary of clicking links! If in doubt, use something like VMWare, with an oddball operating system.
Update - I just heard back from Yahoo Security, and they agree with me that the website appears malicious, so if you've had a recent email of the above nature, it might be wise to change your password. Also, check your account settings to ensure no one changed any settings (e.g. forwarding all emails to another account, or adding a filter to forward emails elsewhere). |
| |
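The check described in post #1 (reading a page's source without rendering it), as an added example that is not part of the original thread: it parses the HTML as text, never runs any script, and flags the "blank page, nothing but encoded JavaScript" pattern. The function names, thresholds and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Decoder/loader calls that packed JavaScript typically relies on.
SUSPICIOUS = ("eval(", "unescape(", "fromCharCode", "document.write(", "atob(")

class PageSplitter(HTMLParser):
    """Separates <script> bodies from human-visible text; executes nothing."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        (self.scripts if self.in_script else self.visible).append(data)

def triage(html):
    """Return a static report on page source saved to disk or fetched as text."""
    p = PageSplitter()
    p.feed(html)
    script = "".join(p.scripts)
    visible = " ".join("".join(p.visible).split())
    hits = [tok for tok in SUSPICIOUS if tok in script]
    # Longest unbroken run of percent/base64-style characters in the script.
    runs = re.findall(r"[0-9A-Za-z+/=%]{40,}", script)
    longest = max((len(r) for r in runs), default=0)
    # Illustrative rule: almost no visible text, a sizeable script, and a
    # decoder call sitting next to a long opaque string.
    suspicious = (len(visible) < 20 and len(script) > 200
                  and bool(hits) and longest >= 40)
    return {"visible_chars": len(visible), "script_chars": len(script),
            "decoder_calls": hits, "longest_encoded_run": longest,
            "suspicious": suspicious}

# Constructed samples: the encoded string only spells "hello" repeated.
SAMPLE_BLANK = ('<html><head><title></title></head><body><script>var s="'
                + "%68%65%6c%6c%6f" * 60
                + '";eval(unescape(s));</script></body></html>')
SAMPLE_BENIGN = ('<html><body><h1>Domain offer</h1><p>We would like to make '
                 'an offer for your domain name.</p><script>var year = '
                 'new Date().getFullYear();</script></body></html>')

if __name__ == "__main__":
    print(triage(SAMPLE_BLANK))
    print(triage(SAMPLE_BENIGN))
```

A positive result only says the page deserves closer inspection in an isolated environment; a clean result does not prove the page is safe.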
09-19-2008, 02:03 PM
|
#2 (permalink)
| | Acro.net Αdministrator
Last Online: 11-29-2008 08:26 AM Join Date: Feb 2004
Posts: 19,764
DNF$: 7,665 Location: USA
Country: | Yes there are some very crafty methods out there, including embedding of trojan horses into wma audio files. I preview all emails in ASCII mode, never download attachments.
__________________ Acroplex.com • Professional Web & Graphics development |
| |
09-19-2008, 02:13 PM
|
#3 (permalink)
| | Platinum Lifetime Member
Last Online: Today 02:48 AM Join Date: Aug 2008
Posts: 215
DNF$: 10 Location: VA
Country: | Appreciate the heads up George and Acro
__________________ MarketNews,org SavingsRate,org PM me |
| |
09-19-2008, 02:18 PM
|
#4 (permalink)
|
Name: Tony Last Online: Yesterday 10:33 AM Join Date: Apr 2007
Posts: 2,852
DNF$: 8,479 Location: New York
Country: | unreal....of all the security needed to just read an email these days....such a dangerous place out there for the unsuspecting..... |
| |
09-19-2008, 02:25 PM
|
#5 (permalink)
| | Acro.net Αdministrator
Last Online: 11-29-2008 08:26 AM Join Date: Feb 2004
Posts: 19,764
DNF$: 7,665 Location: USA
Country: | You can also click here 
__________________ Acroplex.com • Professional Web & Graphics development |
| |
09-19-2008, 04:31 PM
|
#6 (permalink)
| | Platinum Lifetime Member
Last Online: Today 12:23 PM Join Date: Mar 2006
Posts: 721
DNF$: 148 Location: United Kingdom
Country: | One thing I did read on here is NEVER to use free emails like yahoo, hotmail etc etc as the admin contact address on domains as they are much more likely to be hacked. Imagine, you use a yahoo.com email address as admin. Hacker targets that address and accesses it. In that inbox he discovers your "welcome to xyz domain registrar" and password etc and away go your domains. Given how easily that guy accessed the Sarah Palin yahoo email and said he simply answered the security questions by looking answers up on Google ....
DG |
| |
09-19-2008, 04:58 PM
|
#7 (permalink)
|
Name: Kate Last Online: Today 12:17 PM Join Date: Jul 2005
Posts: 3,252
DNF$: 17,932 Location: 6 feet under
Country: | Today I received several notifications from Enom: Quote:
There was an attempt made to get your account password. Please note that many login names are similar and someone may have made an error in their request, or were guessing at their login name.
This request came from 217.164.225.223
We do not have any additional information to provide you. If you are concerned about this attempt, you may want to change your password and/or the answer to your secret question on your account information page.
This is an automatically generated email, please do not reply.
Sincerely,
eNom, Inc.
| Domain hijackers are on the prowl. Be careful. |
| |
09-19-2008, 05:56 PM
|
#8 (permalink)
| | Acro.net Αdministrator
Last Online: 11-29-2008 08:26 AM Join Date: Feb 2004
Posts: 19,764
DNF$: 7,665 Location: USA
Country: | Quote:
Originally Posted by sdsinc Today I received several notifications from Enom:
Domain hijackers are on the prowl. Be careful. |
Email abuse@emirates.net.ae
__________________ Acroplex.com • Professional Web & Graphics development |
| |
09-19-2008, 07:32 PM
|
#9 (permalink)
| | Gold Lifetime Member
Name: D. Giordano Last Online: 11-28-2008 07:16 PM Join Date: Apr 2007
Posts: 261
DNF$: 281 Location: Utah
Country: | Quote:
Originally Posted by GeorgeK I received an email from someone earlier today looking to buy a high value domain, received to my Yahoo address.
Since he was using a Hotmail email address, a name that did not match the Hotmail username, and had a Turkish IP address, I sent back my standard "fax me a letter" response, given the guy is likely very unqualified, but using my corporate email address.
The guy writes back that "he doesn't understand", but then includes a HTML link. And he replied back to my Yahoo address, instead of my corporate email address.
It seemed fishy to me, so I loaded up a VMWare virtual machine using a non-standard operating system, and loaded up the page -- it was blank. I loaded up another program to view the source code of that page, without loading it in a normal browser, and there was a lot of encrypted Javascript, but nothing else.
I figure it might be an attempt to hijack passwords, or something, so folks might be on the lookout for clicking on links like that. When I googled the username in the Hotmail account, I noticed some reference to the username in some foreign language forum (one that Google doesn't translate, i.e. Turkish), but it referred to XSS and Yahoo (XSS = cross site scripting, a type of security issue), which increases the odds that the email is malevolent.
In conclusion, be wary of clicking links! If in doubt, use something like VMWare, with an oddball operating system. Update - I just heard back from Yahoo Security, and they agree with me that the website appears malicious, so if you've had a recent email of the above nature, it might be wise to change your password. Also, check your account settings to ensure no one changed any settings (e.g. forwarding all emails to another account, or adding a filter to forward emails elsewhere). |
This is exactly the method someone used a year ago in attempting to hijack my names. I did click on the link provided, and later that night had my email hacked. The email I received said that they were willing to trade one of my names for the website in the link below.
Fortunately I was able to stop it. Thanks for the warning George. |
| |
09-19-2008, 07:38 PM
|
#10 (permalink)
| | Acro.net Αdministrator
Last Online: 11-29-2008 08:26 AM Join Date: Feb 2004
Posts: 19,764
DNF$: 7,665 Location: USA
Country: | Usually what happens is this: the link either executes javascript that installs malicious java applets which then act as a trojan (keylogger) or it changes email settings at the free provider. Usually the latter exploits a cross-scripting hole that is newly discovered and not yet patched by the browser creators (e.g. Microsoft or Mozilla). For the same reason, you should not talk on MSN, AIM, Yahoo etc with people you don't know. There are similar exploits that can attempt to access your computer via the messenger software.
__________________ Acroplex.com • Professional Web & Graphics development |
| |
09-19-2008, 09:44 PM
|
#11 (permalink)
| | Platinum Lifetime Member
Last Online: Today 12:21 PM Join Date: Mar 2007
Posts: 4,506
DNF$: 43 Location: NY
Country: | Very frightening, especially after hearing news about someone hacking Obama's gmail account.
lol
__________________ NewsReleases.net 11 years old! | 40YearMortgage.net | CopyrightForum.net | DrugTaking.com | PoundSterling.info and more at Domain Name Store |
| |
09-22-2008, 04:01 AM
|
#12 (permalink)
| | Platinum Lifetime Member
Last Online: 12-02-2008 02:55 AM Join Date: Jan 2007
Posts: 288
DNF$: 1,150 Location: On the moon
Country: | Thanks George for the warning. |
| |
09-25-2008, 08:02 AM
|
#13 (permalink)
| | WE BUY DOMAINS
Last Online: 11-15-2008 12:54 AM Join Date: Dec 2005
Posts: 1,041
DNF$: 6,056 Location: New York, USA
Country: | What is the most secure way to protect email?
Is there a super secure host out there?
__________________ Selling your generic domain name? Want CASH now? WeBuyThe.Com is ready to buy your names
Send us your generic.com today with stats for consideration! |
| |
09-25-2008, 10:33 AM
|
#14 (permalink)
| | DNF Addict
Last Online: 12-01-2008 07:12 PM Join Date: Nov 2003
Posts: 1,422
DNF$: 4,780 Location: New Jersey
Country: | If you save your passwords in Internet Explorer they can be recovered easily. See http://www.nirsoft.net/utils/pspv.html
For the e-mail server you should use encrypted login using SSL. |
All times are GMT -4. The time now is 01:28 PM.
Copyright @2001-2008 DNForum.com
|