Fake Login Screens

For as long as I can remember people have been devising ways to obtain other peoples passwords. There are two main techniques utilised in trying to obtain your password and they are cracking/hacking and social engineering. I'll go into both of these briefly before going more into depth on fake logins.


Now for those of you that are not computer literate let me explain that cracking and hacking are not the same thing.

Cracking is where a program or script is used to run through a list of words, numbers, and/or symbols in an attempt to find your password. This is done by sending repeated login attempts using the victims username and the current entry from the list. Most big companies, such as Yahoo and Hotmail, have safe guards in place to prevent this sort of thing. Try logging into Yahoo using the wrong password and you will find your account locked after the third attempt.

Hacking is where the person tries to access a machine, be it yours or, for the sake of this page, Yahoo's in an attempt to get the password. The term hacking covers more than just this but for the purpose of this page that is the part that concerns us. Once again big companies such as Yahoo! and Hotmail are not that easy to "hack" and so most so called hackers will target individual machines, ie YOUR computer. This is usually done with a trojan. A trojan is a program that is disguised as something else ( hence the term trojan from Trojan Horse) and once run can give the attacker full access and control over your pc. This is easy to protect against with three things:

  1. A firewall. A firewall gives you control over what programs can access the net from your computer and will stop anything from connecting to the net that you have not authorised. See my free stuff page for a free firewall.
  2. An antivirus program. A decent anti virus will scan all incoming emails, all programs you run, and all web pages you visit looking for viruses, worms, and trojans. See my viruses page for free anti virus software.
  3. COMMON SENSE. A lot of viruses get onto pc's from items downloaded from web sites and email attachments being opened. The sort of people that want to get your password are the sort of people that make so called booting programs. Some of these people are not adverse to putting a trojan or some other virus into a program and then saying it's something they know will get downloaded by unsuspecting people.

Social Engineering

There are basically three forms of social enginering:
  1. Fake password recovery - This is where you are told that you can get hold of anyones password by using a backdoor or exploit in a server whereby you send an email to a specified address with the victims id as the subject line or what have you and then include your username and password. This is total idiocy and should just be ignored
  2. The come on/friendly chat/plead for help - In this case the person starts talking to your for one of the three reasons stated. They will try to come on to you, or be friendly with you, or say they need help. But at some point in the conversation they will bring the subject around to things like your date of birth, your zip/post code, your mothers maiden name etc. What they are trying to do is get the information required to access your account using the password recovery feature which requires such information.
  3. The Fake Login Screen - This usually looks like the real thing (beleive me I've seen some that are just ridiculously obvious) but actually sends your email to the person via email or saves it to a file for them to retrieve later.

Right so lets discuss the fake login pages then since thats what this page is about. Most fake logins are easy to spot, just look at the URL, thats the http:// bit you get in the address bar. If it's a real Yahoo! login page the url will start with http:// or https:// and then it could be anyy or none of the following, login.yahoo.com, mail.yahoo.com, edit.yahoo.com. So the start of the address could be http://login.yahoo.com. There are to many variations for me to list here but all you have to check is that the bit after the :// and before the next / says yahoo then a domain such as .com, .co.uk, .co.jp, .ca, .co.kr, etc. As I said most fake logins use a free host such as geocities so the URL will say www.geocities.com or www.angelfire.com and not yahoo.

Now some of these fake logins are getting clever. They use a url like http://login.yahoo.com/edit?src=1&warned=1@www.realaddress.com/. Now the start of this url looks correct but what they are doing is using the @ symbol. The @ symbol is used when a site reuires a username and is used as http://USERNAME:PASSWORD@www.realsite.com. the part before the @ will be ignored by most servers and they use this fact to disguise the real URL from you. If you come across a fake login page report it to the sites host and it will usually be removed within 24 hours.

I must add at this point that a recent Internet Explorer patch removed support for http://login.yahoo.com/edit?src=1&warned=1@www.realaddress.com/ style urls which while being a good thing regarding fake logins has caused problems for many companies that use this type of url to log you in.

For more information on this subject try this page:

A good page on choosing and remembering passwords is http://wiki.ehow.com/Remember-Your-Password