08 August 2006

What The Phish!

Got a Yahoo Messenger message from a friend today that showed a link to a Geocities photo album. Unknowingly, I click the link and it led me to a Yahoo login page (since Geocities was acquired by Yahoo, I didn't suspect anything amiss) where I stupidly keyed in my userid and password.

Minutes later, I got an email from Yahoo notifying me that I have changed my password.
Right away, I knew I've been phished.

I have to admit, I was fooled despite being technically savvy and have not gotten into any virus trouble in the last 5 years. All it took was a moment of letting my guard down and poof! goes my clean record.

Had it been in an email, I would have been more vigilant since spam, trojan and phishing emails are plenty abound on a daily basis.

I have to say this is a first for me from instant messengers and I guess I learned my lesson the hard way.

I am one of those people who uses ONE userid and ONE password for everything. What this means essentially is as long as one of my accounts kena compromised, I have to change everything. I lost a day of work just changing passwords.

Looking on the bright side, it's about time I changed my password for I have been using it for 10 years already. What better than a kick in the ass for me the get the wheels of change in motion.

Anyway, here a write-up about a Yahoo messenger phishing attack. <--- It's safe to click lah!

- Voxeros

1. Gary left...
Wednesday, 9 August 2006 11:20 am
so is your yahoo mail is gone??

2. JayWalk left...
Wednesday, 9 August 2006 12:44 pm :: 
Gary: Fortunately, I reacted fast enough to reset the password and get a new one mailed to my alternate email, thus locking both the perpetrator and myself out. After that, when I received my new password, I was able to log back in and change to another password.
Here's a tip for all Yahoo mail users. Always assign another email address as an alternate email, in case of emergencies like this.

3. sunflower left...
Wednesday, 9 August 2006 1:31 pm
oh dear, please dont adopt ONE userid and ONE password for everything. Change change change change, all userid with differ passwords please...

4. JayWalk left...
Wednesday, 9 August 2006 2:17 pm :: 
sunflower: If every one of them is a different userid and password, I doubt if I can keep track of all of them.

I probably lose the account as a result of not remembering which userid/password I used!

5. Chocolate left...
Wednesday, 9 August 2006 5:54 pm
Poor daddy..

6. JayWalk left...
Thursday, 10 August 2006 12:18 am :
Chocolate: The consolation is that I got away pretty much unscathed albeit slightly inconvenienced.

7. Chocolate left...
Thursday, 10 August 2006 12:22 am
Okie loh.. i hope i wont be so blur blur.. lucky i dont have yahoo messenger.. :p

8. aloe left...
Thursday, 10 August 2006 9:01 am
Wah! Heng u noticed it earlier and managed to get away. =)

9. JayWalk left...
Thursday, 10 August 2006 10:11 pm ::
Chocolate: I doubt if this is exclusively a Yahoo Messenger issue. I have heard of other messengers getting malicious payload albeit in a different form.

Anna: Good thing that Yahoo Mail has this feature where it notify of change of password to my alternate email right away. Hence I was able to react immediately. I guess I was lucky to be online at that time when the attack took place.

10. hitomi left...
Friday, 11 August 2006 11:28 am
Good thing I read this before I received a Yahoo message from my sister to check out her new profile... almost kena...

11. JayWalk left...
Wednesday, 16 August 2006 2:18 am :: 
hitomi: That's the main purpose of that blog entry. Glad it'd helped you. :)

No comments: