Friday, 12 October 2007

Phishing via Instant Messaging

I just got an IM from a buddy. He told me to go to www(dot)geocities(dot)com(slash)picc_81(slash)index.htm

This appeared to be a Yahoo 360 login page. "Odd," I thought, "Why do I need to login to see a Geocities page? And anyway, aren't I already logged into Yahoo?"

Let's view the source. Oh. It sends the login credentials to a script on www2.fiberbit.net -- looks like it emails them to ggeocitiees@gmail.com

Nice job, phish boy.

I've reported it to PIRT, the Gmail guys, and the Google Safe Browsing folks.

Now to contact my buddy and give him the bad news.

No comments:

Post a comment