amark join:2001-02-09 94045 |
amark
Member
2012-Oct-15 5:29 pm
Facebook-Email Telling Picture on Album 32 dot Com? Scam???Received an email from Facebook Friend stating: "go to album 32 dot com and search"had my name", then click on first photo. I bet you didn't remember that, eh?"
Did that and saw a photo-strange. Then I did a search for album 32 dot com and saw thread on yahoo that a scam to retrieve password.
Did a scan with MSSE and nothing, but said a scam to get password. I did change password, but is there any other concerns I should be aware of? Advice appreciated, thanks! |
|
your moderator at work
hidden :
|
|
to amark
Re: Facebook-Email Telling Picture on Album 32 dot Com? Scam???Trick is old as the world, fake facebook login page to get your user/pass for facebook. |
|
amark join:2001-02-09 94045 |
amark
Member
2012-Oct-15 6:58 pm
Well new to me-I changed the email ASAP. Are there any other concerns having that password? Security Issues or anything I might be missing? Thanks. |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX |
to amark
Every email is a scam, phish, or malware lure until proven otherwise. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
to amark
It did not come from your friend..others are also getting it and contacted the friend and they said" no not from me" |
|
|
amark join:2001-02-09 94045 |
amark
Member
2012-Oct-15 7:49 pm
OK-Could someone let me know if there are any other concerns besides getting my password? |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Album 32 dot Com is now down...
This is a phishing scam designed to capture your Facebook login ID and password.
When you go to the website, it redirects you to a fake FB login page with a cleverly faked URL in the address bar -- both designed to look very much like the real FB page.
As soon as you "logged in" there, the scammers captured your login information.
Log into the REAL Facebook directly -- by typing www.facebook.com -- and change your password ASAP.
Edit: Even if you received this from a "trusted source" or "trusted friend" via Facebook message, then they have already had their account compromised.
Also people that were already logged into facebook when they went to the fake login..it of course asked them to login again..that tipped many off it was fake.
Question for you..do you have a yahoo email account and that is where you got this phishing email ? Asked because I sure see a lot of yahoo users complaining about this one..so maybe that is the connection. |
|
amark join:2001-02-09 94045 |
amark
Member
2012-Oct-15 8:06 pm
What do they do with the password? I am curious if there is anything else they do with the password or account. Are there any other security issues to be concerned about? How did they get my email address as well.
Thanks for info. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI 1 edit
1 recommendation |
This is the fake site album32.com..don't go to it and login to your facebook...answer my question about if you have a yahoo email account above.
Are you using the same password for multiple site and your email login ? |
|
Name Game |
to amark
|
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to Name Game
said by Name Game:This is the fake site album32.com.. The album32.com site isn't hosting any phish content, It's a redirector to the phish page. The site hosting the facebook phish is actually hxxp://www.facebook.com.login.php-profile-signin-gkmeydlw.ihtts.com/index.php?s=dot WHOIS Data - IHTTS.COM Service Provided By: Center of Ukrainian Internet Names Website: » www.ukrnames.comContact: +380.577626123 Domain Name: IHTTS.COM Creation Date: 11-Oct-2012 Modification Date: 11-Oct-2012 Expiration Date: 11-Oct-2013 Domain servers in listed order: ns1.bluehostingsolutions.com ns2.bluehostingsolutions.com Registrant: Vladislav Petrenko altsrv@gmail.com 127020, Moskva, Marksa, 237, 93 Moskva, 127020 UKRAINE +7.9072351981 Billing Contact: Vladislav Petrenko altsrv@gmail.com 127020, Moskva, Marksa, 237, 93 Moskva, 127020 UKRAINE +7.9072351981 Administrative Contact: Vladislav Petrenko altsrv@gmail.com 127020, Moskva, Marksa, 237, 93 Moskva, 127020 UKRAINE +7.9072351981 Technical Contact: Vladislav Petrenko altsrv@gmail.com 127020, Moskva, Marksa, 237, 93 Moskva, 127020 UKRAINE +7.9072351981 |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Exactly that is why it is a fake site..and this link posted above explains the redirect. » facecrooks.com/Scam-Watc ··· cam.html |
|
Name Game |
to Snowy
Yes! Site Ihtts.com now online. www.ihtts.com Rating: 2.5/5.0 Stars by StatsCrop \ Ihtts.com IP address is 31.192.109.216, and its server is hosted at India. The server distance from you is 12,721.75 km (7,904.93 miles). Last updated on Tue, 16 Oct 2012 03:58:15 GMT. Site Title: ihtts.com IP Address: 31.192.109.216 [Trace] [Reverse] Server GEO: Latitude: 20° North / Longitude: 77° East / Distance: 12,721.75 km (7,904.93 miles) Server Location: India DNS Records Analysis ihtts.com has address 31.192.109.216 www.ihtts.com has address 31.192.109.216 Websites Hosted On Same IP Address Analysis The server IP address of Ihtts.com is 31.192.109.216, we have found 6 websites hosted on this server. You also from here to view more infomations, or view websites hosted at the same network as Ihtts.com from here. Rank Domain IP Address #1,681,344 photo1998.com IP address: 31.192.109.216 #4,424,650 album92.com IP address: 31.192.109.216 #2,535,578 albums96.com IP address: 31.192.109.216 #11,508,184 albums99.com IP address: 31.192.109.216 n/a stphtm.com IP address: 31.192.109.216 n/a album32.com IP address: 31.192.109.216 » www.statscrop.com/www/ihtts.com |
|
Name Game |
to Snowy
The last scam like this back in May 2012 used this site » www.statscrop.com/www/lo ··· nhtn.com |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI
1 recommendation |
to Name Game
said by Name Game:Exactly that is why it is a fake site..and this link posted above explains the redirect. Not busting your b's at all but there are a few accepted terms used to describe phishing components The site "album32.com" isn't a 'fake' site. It's acting as a 'redirector'. A redirector redirects to either another redirector or to the actual phishing page. album32.com = 'redirector' or 'redirector page'. Whereas .ihtts.com/index.php?s=dot is the 'fake' page or preferably referred to as the 'phishing page'. One reason making the distinction between a redirector & a phsh content host matters is that different approaches will made regarding whether a page is a redirector or a phish content host. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
Name Game
Premium Member
2012-Oct-15 10:28 pm
It's fake.. In fact it is a fake thingie. And people that get hit with it could care less what the mechanic calls it.. » www.mywot.com/en/forum/1 ··· 7411#newfake 1 (fk) adj. Having a false or misleading appearance; fraudulent. n. 1. One that is not authentic or genuine; a sham. » www.thefreedictionary.com/fakeand ihtts.com is not fake..it is up and running and doing it's thing |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2012-Oct-15 10:32 pm
said by Name Game:It's fake.. In fact it is a fake thingie. And people that get hit with it could care less what the mechanic calls it..
Ok, I tried. |
|
your moderator at work
hidden : hidden :
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Name Game
Premium Member
2012-Oct-15 11:16 pm
Re: Facebook-Email Telling Picture on Album 32 dot Com? Scam???same server..IP
Server Location: India
DNS Records Analysis
ihtts.com has address 31.192.109.216 www.ihtts.com has address 31.192.109.216 Websites Hosted On Same IP Address Analysis
The server IP address of Ihtts.com is 31.192.109.216, we have found 6 websites hosted on this server. You also from here to view more infomations, or view websites hosted at the same network as Ihtts.com from here.
Rank Domain IP Address #1,681,344 photo1998.com IP address: 31.192.109.216 #4,424,650 album92.com IP address: 31.192.109.216 #2,535,578 albums96.com IP address: 31.192.109.216 #11,508,184 albums99.com IP address: 31.192.109.216 n/a stphtm.com IP address: 31.192.109.216 n/a album32.com IP address: 31.192.109.216 |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI 1 edit
1 recommendation |
Snowy
Premium Member
2012-Oct-15 11:28 pm
If the redirector(s) & phish page are both on the same server I can see why you chose that server. That says a lot about the miscreant behind it. Getting back to OP, yes, your facebook login credentials were the only thing at risk. No driveby downloads etc.., to be concerned over. Edit to add: *If* you had submitted your facebook logn to the phish page & as Name Game pointed out, you use the same password to login into other web based services you should worry about those services also being compromised. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Name Game
Premium Member
2012-Oct-15 11:41 pm
Yes and all these have been like that..granted not in all case are they the same place..but if you look at this one..and the last three like it..has to be the same group or person...I think your group goes after them when the file is complete..and then hands it over to authorities..like at Computer Cops years back etc and maybe that group even shut down the server sooner..Lot's of hard work done and still goes on I am sure. |
|
Name Game |
to Snowy
"your facebook login credentials were the only thing at risk." Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook.. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2012-Oct-15 11:46 pm
said by Name Game: "your facebook login credentials were the only thing at risk."
Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook.. My edit to add was posted prior to this. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Name Game
Premium Member
2012-Oct-16 12:01 am
OK..I wonder if it is yahoo email people who are getting this wave of email...so far seems all are yahoo customers..but not sure yet. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI
1 recommendation |
to Name Game
said by Name Game: "your facebook login credentials were the only thing at risk."
Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook.. If I did have a Facebook account this would not be the case for me. Anyhow, users have got to start practicing safe hex and don't be stupid and use the same password for email and Facebook. Never use your email passwords for anything else! And be sure you write them all down and put the list in a safe place or use a Password Manager if you trust them....I've had bad luck with them so I don't use them. |
|
|
to Name Game
said by Name Game:OK..I wonder if it is yahoo email people who are getting this wave of email...so far seems all are yahoo customers..but not sure yet. Haven't seen it on the junk Yahoo account I signed up for FB with. All I get from FB is that so and so added a friend. If I ever posted on FB, it was to a company who decided to run customer service that way. I just read friends' posts and email them. (the friends) |
|
|
to Name Game
Not seen on one that I have. |
|
burner50Proud Union THUG Premium Member join:2002-06-05 Iowa |
to amark
The melon between your ears is the best protection available |
|