Man, Man, Man, Dude, Dude, Dude... I just missed out giving away my password to some stupid hackers. And those hackers are so so stupid and I will tell you how they have set up the entire game!! I am so busy that most of the times I am not much attentive and like to do things fast, but this time around a little attention saved me. Next time onwards I will be a lot more attentive.
E-mail is such an important thing and people have so much important information stored in an e-mail address. Numerous other login information, bank information, personal information and even credit card information. Moreover people use e-mails for password recovery. If anyone hacks your e-mail he can get your facebook password and all other passwords just by clicking on the small forgot password link!!
Now, lets have a look at the plot!!!
I get an e-mail from an E-mail Address noreply-alert@yahoo.com which seems like a Yahoo! e-mail address. Below is what the e-mail is about:-
So here you may notice that they are using a yahoo.com e-mail not yahoo-inc.com e-mail which are officially used by Yahoo! I worked in Yahoo! for sometime and I had one of those e-mails. Generally the e-mails which you receive from Yahoo! are customercare-en@cc.yahoo-inc.com and do-not-reply@yahoo-inc.com. But yet it is possible to send you e-mails from these e-mail addresses or even your own e-mail address!!! You don't know how? Its very easy. They will just use the PHP mail() function and use any e-mail which they want to send from in the sender's field. If you do not know any programming and don't believe that, just contact me and I will send an e-mail from your e-mail address to your e-mail address, just to show you how it works. So never trust the information which you get through an e-mail or I would say trust with caution and do not reply and give away any sensitive data through those e-mails.
Once you click on the Click here link you are redirected to a page which looks Much like the Yahoo! login page!! Yes not completely like. Below is how it looks, but 70% of intelligent people would not notice the small things I have pointed out in the image below:-
After I filled in the form with some false username and password, and clicked on the sign in button, I was redirected to the Yahoo! e-mail page as expected. Most of the people know that you need not sign in again if you are already signed in, but in a hurry they might put in their correct username and password just to see what is in it for them. And then they do not even realize that their username and password has been saved in the database of these buggers.
You might wonder how they made a page like this. But I assure you don't need great skills to copy the front end of a web page. You just copy and html and css and upload it in your website. These guys did the same and just linked the form to their database. This means whatever you enter in those fields gets stored in their database after which they smoothly redirect you to the Yahoo! e-mail page which you are already logged into!!
So how to be safe??
E-mail is such an important thing and people have so much important information stored in an e-mail address. Numerous other login information, bank information, personal information and even credit card information. Moreover people use e-mails for password recovery. If anyone hacks your e-mail he can get your facebook password and all other passwords just by clicking on the small forgot password link!!
Now, lets have a look at the plot!!!
I get an e-mail from an E-mail Address noreply-alert@yahoo.com which seems like a Yahoo! e-mail address. Below is what the e-mail is about:-
Once you click on the Click here link you are redirected to a page which looks Much like the Yahoo! login page!! Yes not completely like. Below is how it looks, but 70% of intelligent people would not notice the small things I have pointed out in the image below:-
After I filled in the form with some false username and password, and clicked on the sign in button, I was redirected to the Yahoo! e-mail page as expected. Most of the people know that you need not sign in again if you are already signed in, but in a hurry they might put in their correct username and password just to see what is in it for them. And then they do not even realize that their username and password has been saved in the database of these buggers.
You might wonder how they made a page like this. But I assure you don't need great skills to copy the front end of a web page. You just copy and html and css and upload it in your website. These guys did the same and just linked the form to their database. This means whatever you enter in those fields gets stored in their database after which they smoothly redirect you to the Yahoo! e-mail page which you are already logged into!!
So how to be safe??
- Always look for suspicious things like this e-mail. Yahoo! never sends you a stupid e-mail like that saying that you have incoming e-mails. If you have incoming e-mails they would come to your mailbox.
- Moreover never login or give any information into a page which in a different domain than the one in which you had opened your account.
