Hacking/Phishing Yahoo
I just got an email from Yahoo…
Ahaaa… thank you, really good to know.
There was a sign-in attempt, blocked… (from Yahoo, thank you)?
Interesting, a user from Tanzania wanted to access my email account:
No no, it was NOT me and yes, looks like that someone tried to access my account.
So... is my account still secure?
Maybe.... NOT
Better I check it now, now…
And click...!
No, but wait – do you also hear the ringing alarm bells?
• The senders address is NOT Yahoo, it is <iliana27b@yahoo.com>
• Hi User, On Mon, Aug, 2016 1:02 PM… the day of the week is missing...
• By moving the cursor over the link review your email, the URL address in the lower left corner of the screen shows
This means, that an URL shortener service (Bitly) was used to hide the real, true URL…
Mhhh... we learned NEVER CLICK ON A LINK.. isn’t it?
Ok, don’t click on the link...!
Otherweise, the interesting point - just for educational purposes is - that the following can happen if one really click's on the link:
1. It connects you - through the URL Shortener link -
to a new window, a Yahoo login page.
Cool, Yahoo we always can trust, isn’t it?
2. But in the URL, one can observe the following two things:
One, the
connects firstly to a hidden website called
s3-ap-southeast-1.amazonaws.com/prtbmm/nb/5.htm
Second, then from there the payload for the fake Yahoo website is loaded and displays the login page of Yahoo...
3. AND within the URL, there is hidden Java-code…
Copy/paste into word reveals over five pages of code…
A legitimate URL for the Yahoo login page looks like this:
Final Conclusions:
If one really log’s into this provided fake Yahoo website, then the logon credentials username and password is gone (to the attacker).
The attacker has full access to the account, he/she even can change the password.
Furthermore, the Java code is executed and a malware installed on the computer.
OK, let's never ever click on a link provided from an source we really don't know!
