I've been 'phished'! Feel like a loser!

Last night I saw one of my (trusted) friends come online on Yahoo messenger. They sent me a link to a pic on Geocities without ever saying hello, which in retrospect, should have raised an alarm, but this friend often sends me amusing links so I didn't think about it much. I clicked on the link and it opened up a "Yahoo photos" page, asking me for my Yahoo ID and password. It looked exactly like the normal log in page, and Yahoo is forever asking me to re-login, and so I fell for it hook line and sinker. I realized this morning what had happened, but they had my ID and password for a good 12 hours. My Yahoo mailbox was my personal one that I never give out the address to unless I know it won't be shared. Now I am going to end up on god knows how many spam lists. I am soooooooooooo bummed and feel sooooooooooo stupid. I am usually pretty good about not getting duped and this just sucks.

I did a virus scan this morning and nothing shows. Is there anything else this phishing scam is looking for besides my Yahoo password?

Bummed......

Have you changed your password? Did you have any personal info (such as bank account numbers) saved anywhere in your inbox?

They could be looking for a million things, but they're probably trying to get some $$ out of you.  As much as it will suck to do, you should contact Yahoo and tell them what happened, then close out the email account (including deleting anything you're keeping in it) and get a new one, or use another you've already got.  If all you use the account for is email (no online shopping or anything) it may be enough to change the password.  Unfortunatley, it's hard to know what these a**holes want.

I totally feel for you.  My husband came this close to getting phished by someone through his eBay account.  He figured it out at the last second, and didn't send them the "important information" they claimed to need.

I have nothing but mean, horrible and painful thoughts toward those that phish.  Personally, I think they should sentenced to a lifetime of being chained in a chair with nothing to do but watch Mama's Family on an endless loop. 

I have nothing but mean, horrible and painful thoughts toward those that phish.  Personally, I think they should sentenced to a lifetime of being chained in a chair with nothing to do but watch Mama's Family on an endless loop. 

She's SO creative with her punishments!!!

I did change my password as soon as I realized. I can't think of anything that interesting they could have gotten from there besides a HUGE list of email addys. I am the secretary for a professional organization so my address list is massive. I feel bad that all of these folk now may get spam b/c of me.

I DO shop from that account and I did report it to Yahoo. I am thinking I might have to close it. Grrrrrr!


I was really bummed at first and not I'm just flat out ANGRY with myself.  

I was really bummed at first and not I'm just flat out ANGRY with myself.  

Don't beat yourself up about it.  Who knows... maybe they took a look at your account and realized it wasn't worth the bother?  I often joke that if someone breaks into my accounts they'll be sorely disappointed by the balances available to them. 

Don't beat yourself up about it.  Who knows... maybe they took a look at your account and realized it wasn't worth the bother?  I often joke that if someone breaks into my accounts they'll be sorely disappointed by the balances available to them. 

My account is really boring. I poked through it and there isn't anything they can use besides the addys. That I can THINK of.......<sigh>


I did go and change some other passwords just for the sake of doing it.

Aw Courtney, don't feel bad! It happens to the best of us!

As long as you don't shop from that account, receive really personal info and change the password, you'll be fine (all the spam/junk can soon filter into it's own folder).

Hugs, I can imagine how crappy that feels

Thanks for the support guys. You THINK you're being careful and then........

aww poor courtney!

I have never heard of being phished what is it?

aww poor courtney!

I have never heard of being phished what is it?

http://en.wikipedia.org/wiki/Phishing

I delete any email I get that I haven't solicited, unless it's from someone I know, or a company I've recently ordered from. Beware of opening email simply because you have it. There are a lot of scams going around right now, including one about PayPal accounts. If you don't open or reply to questionable email, there's no way they can get any information to screw you over/rip you off. You can never be too distrustful when it comes to the net, especially when you consider a lot of people's livelihoods consist of ripping net users off who are far too trustful.

Suzanne

P.S. Statistically speaking, given how many members there now are on this site, it wouldn't be a surprise if a few of them were scam artists (the American term for confidence tricksters).

I remember a time when e-mail contained only messages you were pretty much expecting and some days you could log on and have nothing new!   The scam e-mails hardly ever let up these days. 

I get messages pretending to be from eBay, PayPal, Barclays Bank, CitiBank (with whom I have never had any dealings anyway) and many other similar establishments all the time. 

Watch what the companies you deal with say about their messages.  Many -- such as eBay -- will tell you that they never send generic messages addressed to "Dear eBay customer" or anything like that.  If it doesn't use your site ID to address you personally, then it's a fake.

Whenever you see a link, either on a webpage or in an e-mail or other file which you believe to be taking you to some sort of log-in page for an account, check the URL to which it is actually sending you.   Remember that even though you might see what looks like a genuine URL in a message, the HTML code embedded within it can send you somewhere quite different.

In most browsers, when you position the cursor over a link you will see a line somewhere on the screen which tells you the actual URL to which you will be sent when you click on that link (in Internet Explorer, Netscape, and many others the line appears at the bottom of the screen). 

If the link in the message says "http://www.signin.ebay.com" but when you move the cursor on to that link the URL indicator says "http://www.scamartistsanonymous.ru/ebay.html" then you know something is fishy (O.K., it won't be that obvious, but you get the idea!).    Watch those where the actual link is to an IP address rather than a named URL domain (i.e. instead of seeing http://ebay.com it says something like http://212.90.xx.xx).    It could be genuine, but it could be somebody trying to hide the identity of the page you will be sent to.

Email phishing is very common, true. You do have to be careful.

My attack was via Yahoo messenger and appeared to come from a trusted friend. I let my guard down and that's why I feel stupid. 

The problem is that the same HTML coding which can be used to deceive in e-mail works just as well (in most cases) in code sent via instant messages.

Your friend's hijacked user ID highlights the need to be very careful.  It would be so easy to get caught out though on something like that, so don't feel too bad about it.