amark
join:2001-02-09
94045

amark

Member

Facebook-Email Telling Picture on Album 32 dot Com? Scam???

Received an email from Facebook Friend stating:
"go to album 32 dot com and search "had my name", then click on first photo. I bet you didn't remember that, eh?"

Did that and saw a photo-strange. Then I did a search for album 32 dot com and saw thread on yahoo that a scam to retrieve password.

Did a scan with MSSE and nothing, but said a scam to get password. I did change password, but is there any other concerns I should be aware of?
Advice appreciated, thanks!

Raphion
join:2000-10-14
Samsara

Raphion to amark

Member

to amark

Re: Facebook-Email Telling Picture on Album 32 dot Com? Scam???

Trick is old as the world, fake facebook login page to get your user/pass for facebook.

amark
join:2001-02-09
94045

amark

Member

Well new to me-I changed the email ASAP.
Are there any other concerns having that password?
Security Issues or anything I might be missing?
Thanks.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to amark

Premium Member

to amark
Every email is a scam, phish, or malware lure until proven otherwise.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 recommendation

Name Game to amark

Premium Member

to amark
It did not come from your friend..others are also getting it and contacted the friend and they said "no not from me"

amark
join:2001-02-09
94045

amark

Member

OK-Could someone let me know if there are any other concerns besides getting my password?

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Album 32 dot Com is now down...

This is a phishing scam designed to capture your Facebook login ID and password.

When you go to the website, it redirects you to a fake FB login page with a cleverly faked URL in the address bar -- both designed to look very much like the real FB page.

As soon as you "logged in" there, the scammers captured your login information.

Log into the REAL Facebook directly -- by typing www.facebook.com -- and change your password ASAP.

Edit: Even if you received this from a "trusted source" or "trusted friend" via Facebook message, then they have already had their account compromised.

Also people that were already logged into facebook when they went to the fake login..it of course asked them to login again..that tipped many off it was fake.

Question for you..do you have a yahoo email account and that is where you got this phishing email ? Asked because I sure see a lot of yahoo users complaining about this one..so maybe that is the connection.

amark
join:2001-02-09
94045

amark

Member

What do they do with the password?
I am curious if there is anything else they do with the password or account.
Are there any other security issues to be concerned about?
How did they get my email address as well.

Thanks for info.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 edit

1 recommendation

Name Game

Premium Member

This is the fake site album32.com..don't go to it and login to your facebook...answer my question about if you have a yahoo email account above.

Are you using the same password for multiple sites and your email login?
Name Game

Name Game to amark

Premium Member

to amark
You can read more about it here....

»facecrooks.com/Scam-Watc ··· cam.html

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to Name Game

Premium Member

to Name Game
said by Name Game:

This is the fake site album32.com..

The album32.com site isn't hosting any phish content, It's a redirector to the phish page.
The site hosting the facebook phish is actually
hxxp://www.facebook.com.login.php-profile-signin-gkmeydlw.ihtts.com/index.php?s=dot

WHOIS Data - IHTTS.COM

Service Provided By: Center of Ukrainian Internet Names
Website: »www.ukrnames.com
Contact: +380.577626123

Domain Name: IHTTS.COM

Creation Date: 11-Oct-2012
Modification Date: 11-Oct-2012
Expiration Date: 11-Oct-2013

Domain servers in listed order:
ns1.bluehostingsolutions.com
ns2.bluehostingsolutions.com

Registrant:
Vladislav Petrenko altsrv@gmail.com
127020, Moskva, Marksa, 237, 93
Moskva, 127020
UKRAINE
+7.9072351981


Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Exactly that is why it is a fake site..and this link posted above explains the redirect.

»facecrooks.com/Scam-Watc ··· cam.html
Name Game

Name Game to Snowy

Premium Member

to Snowy
Yes! Site Ihtts.com now online.
www.ihtts.com

Rating:
2.5/5.0 Stars by StatsCrop

Ihtts.com IP address is 31.192.109.216, and its server is hosted at India. The server distance from you is 12,721.75 km (7,904.93 miles). Last updated on Tue, 16 Oct 2012 03:58:15 GMT.

Site Title: ihtts.com
IP Address: 31.192.109.216
Server GEO: Latitude: 20° North / Longitude: 77° East / Distance: 12,721.75 km (7,904.93 miles)
Server Location: India

DNS Records Analysis

ihtts.com has address 31.192.109.216
www.ihtts.com has address 31.192.109.216
Websites Hosted On Same IP Address Analysis

The server IP address of Ihtts.com is 31.192.109.216, we have found 6 websites hosted on this server.

Rank Domain IP Address
#1,681,344 photo1998.com IP address: 31.192.109.216
#4,424,650 album92.com IP address: 31.192.109.216
#2,535,578 albums96.com IP address: 31.192.109.216
#11,508,184 albums99.com IP address: 31.192.109.216
n/a stphtm.com IP address: 31.192.109.216
n/a album32.com IP address: 31.192.109.216

»www.statscrop.com/www/ihtts.com
Name Game

Name Game to Snowy

Premium Member

to Snowy
The last scam like this back in May 2012 used this site

»www.statscrop.com/www/lo ··· nhtn.com

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

1 recommendation

Snowy to Name Game

Premium Member

to Name Game
said by Name Game:

Exactly that is why it is a fake site..and this link posted above explains the redirect.

Not busting your b's at all but there are a few accepted terms used to describe phishing components
The site "album32.com" isn't a 'fake' site.
It's acting as a 'redirector'.
A redirector redirects to either another redirector or to the actual phishing page.
album32.com = 'redirector' or 'redirector page'.
Whereas .ihtts.com/index.php?s=dot is the 'fake' page or preferably referred to as the 'phishing page'.
One reason making the distinction between a redirector & a phish content host matters is that different approaches will be made regarding whether a page is a redirector or a phish content host.
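
Added example (not part of the thread or any poster's code): the phishing URL quoted earlier in the thread starts with "www.facebook.com", but the domain that was actually registered is whatever sits at the right-hand end of the hostname. The sketch below pulls that out and flags a brand name sitting in front of someone else's domain. It goes slightly beyond the thread by also covering the user@host form. The `BRANDS` table, the two-entry suffix set (a stand-in for the Public Suffix List) and the last test URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for these samples.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}
# Assumption: brand name -> registrable domains the brand really uses.
BRANDS = {"facebook": {"facebook.com"}}


def refang(url):
    """Undo the hxxp:// and [.] defanging used when sharing bad URLs."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def registrable_domain(url):
    """Return the domain the owner actually registered (suffix plus one label)."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def check_login_url(url):
    """Return (verdict, registrable domain); verdict is genuine/lookalike/unrelated."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").rstrip(".")
    domain = registrable_domain(url)
    for brand, real_domains in BRANDS.items():
        if domain in real_domains:
            return "genuine", domain
        # Brand appears in the hostname or before an '@', but another party owns the domain.
        if brand in host or brand in (parts.username or ""):
            return "lookalike", domain
    return "unrelated", domain


# Sample input: first URL is the defanged one quoted in the thread; last one is constructed.
SAMPLES = [
    "hxxp://www.facebook.com.login.php-profile-signin-gkmeydlw.ihtts.com/index.php?s=dot",
    "https://www.facebook.com/login.php",
    "http://www.facebook.com@login.example/index.php",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample)
```

A redirector such as the one discussed here comes back as "unrelated" because its own hostname carries no brand name, which is why the check has to be run on the page you finally land on, not on the link in the email.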

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 recommendation

Name Game

Premium Member

It's fake.. In fact it is a fake thingie. And people that get hit with it could care less what the mechanic calls it..

»www.mywot.com/en/forum/1 ··· 7411#new

fake 1 (fk)
adj.
Having a false or misleading appearance; fraudulent.
n.
1. One that is not authentic or genuine; a sham.

»www.thefreedictionary.com/fake

and ihtts.com is not fake..it is up and running and doing its thing

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by Name Game:

It's fake.. In fact it is a fake thingie. And people that get hit with it could care less what the mechanic calls it..

Ok, I tried.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Re: Facebook-Email Telling Picture on Album 32 dot Com? Scam???

same server..IP

Server Location: India

DNS Records Analysis

ihtts.com has address 31.192.109.216
www.ihtts.com has address 31.192.109.216
Websites Hosted On Same IP Address Analysis

The server IP address of Ihtts.com is 31.192.109.216, we have found 6 websites hosted on this server.

Rank Domain IP Address
#1,681,344 photo1998.com IP address: 31.192.109.216
#4,424,650 album92.com IP address: 31.192.109.216
#2,535,578 albums96.com IP address: 31.192.109.216
#11,508,184 albums99.com IP address: 31.192.109.216
n/a stphtm.com IP address: 31.192.109.216
n/a album32.com IP address: 31.192.109.216

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

1 edit

1 recommendation

Snowy

Premium Member

If the redirector(s) & phish page are both on the same server I can see why you chose that server.
That says a lot about the miscreant behind it.
Getting back to OP, yes, your facebook login credentials were the only thing at risk.
No driveby downloads etc.., to be concerned over.

Edit to add: *If* you had submitted your facebook login to the phish page & as Name Game pointed out, you use the same password to login into other web based services you should worry about those services also being compromised.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Yes and all these have been like that..granted not in all cases are they the same place..but if you look at this one..and the last three like it..has to be the same group or person...I think your group goes after them when the file is complete..and then hands it over to authorities..like at Computer Cops years back etc and maybe that group even shut down the server sooner..Lots of hard work done and still goes on I am sure.
Name Game

Name Game to Snowy

Premium Member

to Snowy
"your facebook login credentials were the only thing at risk."

Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook..

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by Name Game:

"your facebook login credentials were the only thing at risk."

Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook..

My edit to add was posted prior to this.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

OK..I wonder if it is yahoo email people who are getting this wave of email...so far seems all are yahoo customers..but not sure yet.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20 to Name Game

Premium Member

to Name Game
said by Name Game:

"your facebook login credentials were the only thing at risk."

Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook..

If I did have a Facebook account this would not be the case for me.
Anyhow, users have got to start practicing safe hex and don't be stupid and use the same password for email and Facebook. Never use your email passwords for anything else! And be sure you write them all down and put the list in a safe place or use a Password Manager if you trust them....I've had bad luck with them so I don't use them.

carpetshark3
Premium Member
join:2004-02-12
Idledale, CO

carpetshark3 to Name Game

Premium Member

to Name Game
said by Name Game:

OK..I wonder if it is yahoo email people who are getting this wave of email...so far seems all are yahoo customers..but not sure yet.

Haven't seen it on the junk Yahoo account I signed up for FB with.
All I get from FB is that so and so added a friend. If I ever posted on FB, it was to a company who decided to run customer service that way. I just read friends' posts and email them. (the friends)

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay to Name Game

MVM

to Name Game
Not seen on one that I have.

burner50
Proud Union THUG
Premium Member
join:2002-06-05
Iowa

burner50 to amark

Premium Member

to amark
The melon between your ears is the best protection available