© 2014 - 2020 TimeCentury │ Cyber Security Advisory

    Hacking/Phishing Yahoo

    August 9, 2016

    I just got an email from Yahoo…

    Ahaaa… thank you, really good to know.

     

    There was a sign-in attempt, blocked… (from Yahoo, thank you)?

     

    Interesting, a user from Tanzania wanted to access my email account:

    No no, it was NOT me, and yes, it looks like someone tried to access my account.

     

    So... is my account still secure?

     

    Maybe.... NOT

     

    Better I check it now, now…

     

    And click...!

     

     

     

    No, but wait – do you also hear the alarm bells ringing?

    The sender's address is NOT an official Yahoo address, it is <iliana27b@yahoo.com>

    "Hi User, On Mon, Aug, 2016 1:02 PM"… the day of the week is missing...

    When the cursor is moved over the link "review your email", the URL address is shown in the lower left corner of the screen.

     

     

     

     

    This means that a URL shortener service (Bitly) was used to hide the real, true URL…

     

     

    Hmm... we learned NEVER CLICK ON A LINK, didn't we?

    OK, don't click on the link...!

     

     

     

    Otherwise, the interesting point, just for educational purposes, is that the following can happen if one really clicks on the link:

     

     

    1. It connects you, through the URL shortener link, to a new window, a Yahoo login page.

    Cool, Yahoo we can always trust, can't we?

     

    2. But in the URL, one can observe the following two things:

    One, the link first connects to a hidden website called

    s3-ap-southeast-1.amazonaws.com/prtbmm/nb/5.htm

    Second, from there the payload for the fake Yahoo website is loaded, and it displays the Yahoo login page...

     

     

    3. AND within the URL, there is hidden Java code

    Copying and pasting it into Word reveals over five pages of code…
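
As an added example (not part of the original post): a small Python check for the three warning signs from steps 1 to 3, namely a shortener link, a destination that is not on Yahoo's own domain, and content carried inside the URL itself. The host lists, the length threshold, the function names and every sample link except the S3 address quoted above are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumed values for this illustration; adjust for real use.
SHORTENERS = {"bit.ly", "bitly.com", "j.mp"}   # shortener hosts (step 1)
SHARED_HOSTING = ("amazonaws.com",)            # any customer can publish here (step 2)
MAX_URL_LEN = 300                              # longer URLs may carry content (step 3)

def in_domain(host, domain):
    """True if host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def link_warnings(url, brand_domain="yahoo.com"):
    """Return warning codes for a link that claims to lead to brand_domain."""
    url = url.strip()
    scheme = url.split(":", 1)[0].lower() if ":" in url else ""
    if scheme in ("data", "javascript"):
        return ["embedded-code"]               # the URL is itself the page or script
    if "://" not in url:
        url = "http://" + url                  # bare host/path as shown in a status bar
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    warnings = []
    if host in SHORTENERS:
        warnings.append("shortener")           # real destination is hidden
    elif not in_domain(host, brand_domain):
        warnings.append("foreign-host")        # not the brand's own site
        if any(in_domain(host, d) for d in SHARED_HOSTING):
            warnings.append("shared-hosting")
    if len(url) > MAX_URL_LEN:
        warnings.append("long-url")
    return warnings

if __name__ == "__main__":
    samples = [  # constructed samples, except the S3 address quoted in the post
        "http://bit.ly/EXAMPLE",
        "s3-ap-southeast-1.amazonaws.com/prtbmm/nb/5.htm",
        "data:text/html;base64,PGh0bWw+",
        "https://login.yahoo.com.example.net/",
        "https://login.yahoo.com/",
    ]
    for s in samples:
        print(s, "->", link_warnings(s) or "no warning signs")
```

The suffix test in `in_domain` is what separates `login.yahoo.com` from a lookalike such as `login.yahoo.com.example.net`, where "yahoo.com" appears in the host name without being the registered domain.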

     

     

    A legitimate URL for the Yahoo login page looks like this:

     

     

    Final Conclusions:

     

    If one really logs into this fake Yahoo website, then the logon credentials, username and password, are gone (to the attacker).

    The attacker has full access to the account; he/she can even change the password.

    Furthermore, the Java code is executed and malware is installed on the computer.

    OK, let's never ever click on a link provided from a source we really don't know!

     

     
