Hacking/Phishing Yahoo

August 9, 2016

I just got an email from Yahoo…

Ahaaa… thank you, really good to know.

 

There was a sign-in attempt, blocked… (from Yahoo, thank you)?

 

Interesting, a user from Tanzania wanted to access my email account:

 

 

 

No no, it was NOT me and yes, it looks like someone tried to access my account.

 

So... is my account still secure?

 

Maybe.... NOT

 

Better I check it now, now…

 

And click...!

 

 

 

No, but wait – do you also hear the ringing alarm bells?

 

The sender's address is NOT an official Yahoo one; it is an ordinary user mailbox, <iliana27b@yahoo.com>

"Hi User, On Mon, Aug, 2016 1:02 PM…": the day of the month is missing...

Moving the cursor over the link "review your email" shows its URL address in the lower-left corner of the screen.

This means that a URL shortener service (Bitly) was used to hide the real, true URL…

 

 

Mhhh... we learned NEVER CLICK ON A LINK, didn't we?

 

Ok, don’t click on the link...!

 

 

 

Otherwise, the interesting point, just for educational purposes, is what can happen if one really clicks on the link:

1. It connects you, through the URL shortener link, to a new window, a Yahoo login page.

 

Cool, Yahoo we can always trust, can't we?

 

2. But in the URL, one can observe the following two things:

First, the link connects to a hidden website called

s3-ap-southeast-1.amazonaws.com/prtbmm/nb/5.htm

Second, from there the payload for the fake Yahoo website is loaded and displays the login page of Yahoo...

 

 

3. AND within the URL, there is hidden Java code

Copying and pasting it into Word reveals over five pages of code…

 

 

A legitimate URL for the Yahoo login page looks like this:

 

 

Final Conclusions:

 

If one really logs into this fake Yahoo website, the logon credentials (username and password) are gone (to the attacker).

The attacker has full access to the account; he/she can even change the password.

Furthermore, the Java code is executed and malware is installed on the computer.

OK, let's never ever click on a link provided by a source we really don't know!
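
The checks walked through above (a shortener in the hovered link, a landing host that is not Yahoo, code carried inside the URL) can be written down as a small triage function. This is an added example, not part of the original post; the shortener list, the length threshold, the login.yahoo.com sample and the data:/javascript: scheme check are assumptions made for illustration, and the bit.ly link is a constructed placeholder.

```python
from urllib.parse import urlsplit

# Assumptions for this example: a small shortener list and yahoo.com as the
# only domain allowed to show a Yahoo login form.
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co", "goo.gl"}
EXPECTED_DOMAIN = "yahoo.com"
MAX_URL_LENGTH = 2000  # arbitrary threshold for "pages of code in the URL"


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def triage_login_url(url):
    """Return a list of warnings for a URL that claims to be a Yahoo login."""
    warnings = []
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    if scheme in ("data", "javascript"):
        # The whole "page" is carried inside the URL itself.
        return ["code embedded in URL (%s: scheme)" % scheme]
    if scheme != "https":
        warnings.append("not HTTPS")
    if host in SHORTENERS:
        warnings.append("URL shortener hides the real destination")
    elif not host_in_domain(host, EXPECTED_DOMAIN):
        warnings.append("host %r is not under %s" % (host, EXPECTED_DOMAIN))
    if len(url) > MAX_URL_LENGTH:
        warnings.append("unusually long URL (%d chars)" % len(url))
    return warnings


if __name__ == "__main__":
    samples = [
        "https://bit.ly/EXAMPLE",  # constructed placeholder for the shortened link
        "https://s3-ap-southeast-1.amazonaws.com/prtbmm/nb/5.htm",  # from the post
        "https://login.yahoo.com.example.net/signin",  # constructed look-alike
        "data:text/html;base64," + "A" * 40,  # constructed stand-in for code in the URL
        "https://login.yahoo.com/",  # assumed legitimate host
    ]
    for s in samples:
        print(s[:60], "->", triage_login_url(s) or "no warnings")
```

The suffix match requires a dot boundary, so a host such as login.yahoo.com.example.net is flagged even though it contains "yahoo.com".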

 

 
