• Check out world news on HeadLinesList.com
  • Forum registration is now open for public.
Hello There, Guest! Login Register


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Do you think this is a Phishing scam?
#1
After you log in to Yahoo! a page came out named "Improve performance - Yahoo!" and inform you:

"We can increase site speed and efficiency for you by copying your user information (which may include sensitive data) to one of our servers in . Please note that privacy protections provided by may be different from those provided by your country. For more information about how Yahoo! treats your information, check out our privacy policies."
https://edit.tpe.yahoo.com/config/replica_agree?.done=http%3a//www.yahoo.com&.scrumb=AIrZoBzPRse

I found some links saying it's a phishing
http://answers.yahoo.com/question/index?qid=20070628033516AAtzOeS
http://answers.yahoo.com/question/index?qid=20080425143245AAJhyRX

Which I think that is wrong, I think it really came from Yahoo! because it would only come out or be accessed if you are already log-in to Yahoo! Meaning that you have already sent your information to Yahoo! before seeing the page, a page which is possibly came from Yahoo! that ask us to if they may copy our information to their other server for optimize performance.

Now you may think that it's some kind of scam, maybe a phishing scam, but phishing scam according to wikipedia is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

If you visit the Privacy Policy page of Yahoo! on how they treat our personal information, It is stated that:

# We will not sell or rent your personally identifiable information to anyone.
# We will send personally identifiable information about you to other companies or people when:

* We have your consent to share the information;
* We need to share your information to provide the product or service you have requested;
* We need to send the information to companies who work on behalf of us to provide a product or service to you. (Unless we tell you differently, these companies do not have any right to use the personally identifiable information we provide to them beyond what is necessary to assist us.);
http://info.yahoo.com/privacy/asia/yahoo/details.html

This means that Yahoo! could give our info to companies who work on behalf of Yahoo! to provide a product or service to you. That is no phishing since your information only falls inside Yahoo!'s circle.

That page is not a masquerading as a trustworthy entity because it really came from Yahoo! it came out after sending your information to Yahoo! by the use of Yahoo!'s sign in page. And either you clicked the Create a copy button or the Do not create a copy button it will truly direct you to a Yahoo! page that you request.

So how come it is a phishing? If I click this link
https://edit.tpe.yahoo.com/config/replica_agree?.done=http%3a//www.yahoo.com&.scrumb=AIrZoBzPRse
it would ask me to log in my Yahoo! account and the whole page is legit, if I try to type http://my.yahoo.com/ which is the My Yahoo! page and show that I am log in to Yahoo! There may not be a page named edit.tpe.yahoo.com but it still made me signed in to Yahoo! using that page. It should mean that that page came from Yahoo!
*From Sir Kye example, http://www.commonwealth.net/data would be another site and could also fall on another server.
Reply

Ads

#2
yes, it's phishing

any page that is not yahoo (such as edit.tpe) that asks for your yahoo password is a phishing site

If you have put your password into this site, you should change it so that they cannot access your account.
Reply

Ads

#3
No this is not phishing, Phishing is when you copy a website and use it to scam other internet users. For example the game "Runescape"

If i copied the "Runescape" homepage and created "www.runescape2.com" and told users to log in using the "new" website URL this is a phishing scam because

#1. I would be using it "Steal" runescape players "passwords" and other personal information.

@ #1.
Websites have "Subdomains" and "Yahoo Answers" is a "Sub Domain" of "Yahoo".

You should only log into "Yahoo" associated websites that have *subdomain*.YAHOO.COM or just Yahoo.Com

this should apply to all websites.

Example
register.runescape.com (Legitimate)
register.runescape2.com (this would be a phishing website)

EDIT: Correct.

http://www.commonwealth.net/data would be two completely different things, The first one would come from data.net and the second from commonwealth.net.
Reply
#4
it is and i will show you why by giving you an example of phishing with an email

from commonwealth bank

from: customersupport@commonwealth.net

dear valued customer we have made changes to our system and need you to verify you logon username and password to enable us to update your details.

please do so here

ad.doubleclick.net/commonwealth.data.net

the url would be the real site if you hovered your curser over the link.

so receive a notification look for 2 things:

1. is it addressing you by your name
2. does the real url match the site address.
Reply

Ads

  


Forum Jump:


Browsing: 1 Guest(s)