Use Yahoo! Mail? Secure that password...
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
in Off-Topic
My family never really listens to me when I talk about security related topics, but now my sister regrets it. She had a simple password (since has been changed) and I believe they used a dictionary attack to get into the account. Once in they sent an e-mail to everyone in her account for a website. Then they deleted all of her contacts (I was able to get those back). But the real kicker that she couldn't figure out was whenever she would send herself an e-mail it would send the spam e-mail back to her. She got home and I took a look, what they do is setup a out of office reply that contained the spam e-mail. We got everything back and cracking, but just wanted to warn anyone who uses Yahoo!....
Here is the e-mail that is sent:
hi:
New shopping new life!
How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.
Look forward to your early reply!
REMOVED SPAM CONTACT INFORMATION
Here is the e-mail that is sent:
hi:
New shopping new life!
How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.
Look forward to your early reply!
REMOVED SPAM CONTACT INFORMATION
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Comments
-
mikej412
Member Posts: 10,086 ■■■■■■■■■■
Posting their websites, domains, and contact information only helps move them up in search engines.:mike: Cisco Certifications -- Collect the Entire Set! -
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
My bad mike! Thanks for that!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
HeroPsycho
Inactive Imported Users Posts: 1,940
They don't even need to dictionary attack it. Sarah Palin's yahoo accounts were compromised through social engineering of Yahoo tech support.Good luck to all! -
tiersten
Member Posts: 4,505
I thought it was the automated password recovery mechanism?HeroPsycho wrote: »They don't even need to dictionary attack it. Sarah Palin's yahoo accounts were compromised through social engineering of Yahoo tech support. -
HeroPsycho
Inactive Imported Users Posts: 1,940
I thought it was the automated password recovery mechanism?
From what I read, it was a combination of the two. Forgot the exact details...Good luck to all! -
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
Yeah Sarah Palin's was the use of open source information. They use a system where you have to have the username, birthday, and country. That gets you to the next prompt which will ask the secret question. In her case I believe it was the high school where she met her husband. I don't believe this was the case with my sister, but who knows!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
wd40
Member Posts: 1,017 ■■■■□□□□□□
It happened to me and I use a 14 mixed characters password!
http://www.techexams.net/forums/off-topic/38626-url-www-e-********-com-url-my-e-mail-hacked.html#post278405
