Alert: Yahoo Fake Login Screen is on Yahoo’s Geocities itself!

Few days back, I got a mail from one of my friend saying her yahoo account has been hacked! The Chinese attacker accomplished this by creating a fake-login screen! Actually there is more victims to this yahoo fake-login screen. While this type of attack isn’t new, what makes people vulnerable as this one is uploaded on yahoo’s geocities itself!

Posting here are ways to protect yourself…

1. Trying Wrong Password (Simple)
If you suspect the login-screen next to you is fake, then best way is to enter wrong password. While a genuine login screen will return an error such as “wrong user name or password” the fake one will redirect you to pre-configured page!

2. Checking source code… (Advance)
You can also inspect source-code of login screen…
Look for

&

tags… (or you can directly search for “action” attribute)

Now original “action” value for yahoo photo’s is,

“https://login.yahoo.com/config/login?“

Its enough to check high-level domain (as shown in red color). Creating a fake-login screen is quite simple so if hacker attacker is really naive, then this will works 99.99999% of the time! There is only one way out for attacker and it depends much more on victims foolishness as well as luck!

A fake login screen will always have different value for action attribute…
few ex:

• https://user.yahooo.com/config/login? (note extra O in yahoo)
• http://myserever.com/fakelogin.cgi
• etc…

For those relying on “forget password” option then there is another bad news…
This guy is smart enough to change PIN and COUNTRY information in all his victims yahoo account so they could not get even security question to answer!!!