Warning: That Yahoo IM from me is malicious
It finally happened.
I fell for one of those silly phishing scams. The kind that I previously took sanctimonious pride in having avoided. The kind where you get a frantic e-mail or IM from a friend saying that a malicious link was clicked, a secret password typed in, and that they didn't know better.
I feel so ashamed, guilty, violated...stupid.
In case you haven't heard yet, an IM-based worm was spreading itself via Yahoo Messenger on Friday, propagating through people's contacts lists and directing hapless victims to a malicious Web site. The site looks like a legitimate Yahoo 360 log-in page and prompts you for your username and password, which it then stores to be used for later nefarious deeds.
The IM looked innocent. Too innocent. I should have been tipped off by the smiley face emoticons surrounding the link. But I clicked it anyway in the midst of multitasking at work. It came from, or at least it was sent from, the account of a trusted source--a friend who is a longtime programmer and Web aficionado. I clicked the link, thoughtlessly typed in my password, and arrived at my 360 home page. Nothing new here. I e-mailed my friend, asking him what was up with the link. He e-mailed back that it's a phishing scam and not to click on it. Too late.
AAAAAAAAAAAAhhhhhhhhhhh!
My heart raced as I started sending warning IMs to everyone in my contact list and e-mails to other people. I started getting IMs from other friends who were nabbed by the same culprit. I couldn't believe this was happening to me! I've been covering the Internet for more than a decade. I know better than to click on an unrecognized Web link, even if it comes from a friend.
You may trust that your friends take precautions, but in the Digital Age you are also precariously linked with all the contacts in your friend's e-mail contacts list, and their contacts, and so on. I realized I had gotten an IM STD. Sending those mea culpa IMs to my friends and (cringe) professional contacts was the electronic equivalent of phoning someone to tell him that he might want to visit a physician after a night of unprotected "networking."
I know I'll get teased and criticized and called names now that I've gone public about my indiscretion. But if my story can keep even one person from being victimized like I was, then I'll feel it was worth it.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

been a Mac. Phishing attacks can happen to anybody, including
Mac users. Once they steal your password, they can log in to your
Yahoo account and send messages to other people on your Yahoo
buddy list, doesn't matter Mac or PC. In fact Macs are MORE
vulnerable because Safari doesn't have built in phishing protection
like IE 7 does.
knock....knock...

Time for compassion
by swift2--2008 June 30, 2007 12:15 PM PDT

I'm sorry for the way this immediately broke down into sectarian
war between Apple and Windows. Not fair, Mac guy -- and I am
one.
I once had a virginal gmail account that got -- no -- spam. But
then one of those deceptive mails came along, I clicked on it,
realized a few seconds later, but then, until the end of time, my
daily spam went from one or two to around 200.
I have been on a lot of compromised, junked-up Windows
installations of relatives, trying to clean them up. One of the nice
things -- so far -- about the Mac has been that you don't have
to worry about this stuff, for whatever reason. But it's not good
news when any computer gets compromised. We need to
exercise something that seems alien today: the solidarity of
computer users against the evildoers.
Death to Malware!