amark

join:2001-02-09
94045

Facebook-Email Telling Picture on Album 32 dot Com? Scam???

Received an email from Facebook Friend stating:
"go to album 32 dot com and search "had my name", then click on first photo. I bet you didn't remember that, eh?"

Did that and saw a photo - strange. Then I did a search for album 32 dot com and saw a thread on Yahoo that it is a scam to retrieve password.

Did a scan with MSSE and nothing, but said a scam to get password. I did change password, but is there any other concerns I should be aware of?
Advice appreciated, thanks!
--
Love That SpongeBob! Great Forum



Raphion

join:2000-10-14
Samsara
reply to amark

Re: Facebook-Email Telling Picture on Album 32 dot Com? Scam???

Trick is old as the world, fake facebook login page to get your user/pass for facebook.



amark

join:2001-02-09
94045

Well new to me-I changed the email ASAP.
Are there any other concerns having that password?
Security Issues or anything I might be missing?
Thanks.
--
Love That SpongeBob! Great Forum



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to amark

Every email is a scam, phish, or malware lure until proven otherwise.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to amark

It did not come from your friend..others are also getting it and contacted the friend and they said "no not from me"



amark

join:2001-02-09
94045
reply to amark

OK-Could someone let me know if there are any other concerns besides getting my password?
--
Love That SpongeBob! Great Forum



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Album 32 dot Com is now down...

This is a phishing scam designed to capture your Facebook login ID and password.

When you go to the website, it redirects you to a fake FB login page with a cleverly faked URL in the address bar -- both designed to look very much like the real FB page.

As soon as you "logged in" there, the scammers captured your login information.

Log into the REAL Facebook directly -- by typing www.facebook.com -- and change your password ASAP.

Edit: Even if you received this from a "trusted source" or "trusted friend" via Facebook message, then they have already had their account compromised.

Also people that were already logged into facebook when they went to the fake login..it of course asked them to login again..that tipped many off it was fake.

Question for you..do you have a yahoo email account and that is where you got this phishing email ? Asked because I sure see a lot of yahoo users complaining about this one..so maybe that is the connection.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



amark

join:2001-02-09
94045

What do they do with the password?
I am curious if there is anything else they do with the password or account.
Are there any other security issues to be concerned about?
How did they get my email address as well.

Thanks for info.
--
Love That SpongeBob! Great Forum



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit

1 recommendation

This is the fake site album32.com..don't go to it and login to your facebook...answer my question about if you have a yahoo email account above.

Are you using the same password for multiple sites and your email login?



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to amark

You can read more about it here....

»facecrooks.com/Scam-Watch/hey-go···cam.html



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable
reply to Name Game

said by Name Game:

This is the fake site album32.com..

The album32.com site isn't hosting any phish content. It's a redirector to the phish page.
The site hosting the facebook phish is actually
hxxp://www.facebook.com.login.php-profile-signin-gkmeydlw.ihtts.com/index.php?s=dot

WHOIS Data - IHTTS.COM

Service Provided By: Center of Ukrainian Internet Names
Website: »www.ukrnames.com
Contact: +380.577626123

Domain Name: IHTTS.COM

Creation Date: 11-Oct-2012
Modification Date: 11-Oct-2012
Expiration Date: 11-Oct-2013

Domain servers in listed order:
ns1.bluehostingsolutions.com
ns2.bluehostingsolutions.com

Registrant:
Vladislav Petrenko altsrv@gmail.com
127020, Moskva, Marksa, 237, 93
Moskva, 127020
UKRAINE
+7.9072351981

Billing Contact:
Vladislav Petrenko altsrv@gmail.com
127020, Moskva, Marksa, 237, 93
Moskva, 127020
UKRAINE
+7.9072351981

Administrative Contact:
Vladislav Petrenko altsrv@gmail.com
127020, Moskva, Marksa, 237, 93
Moskva, 127020
UKRAINE
+7.9072351981

Technical Contact:
Vladislav Petrenko altsrv@gmail.com
127020, Moskva, Marksa, 237, 93
Moskva, 127020
UKRAINE
+7.9072351981


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Exactly that is why it is a fake site..and this link posted above explains the redirect.

»facecrooks.com/Scam-Watch/hey-go···cam.html



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Snowy

Yes! Site Ihtts.com now online.
www.ihtts.com

Rating:
2.5/5.0 Stars by StatsCrop

Ihtts.com IP address is 31.192.109.216, and its server is hosted at India. The server distance from you is 12,721.75 km (7,904.93 miles). Last updated on Tue, 16 Oct 2012 03:58:15 GMT.

Site Title: ihtts.com
IP Address: 31.192.109.216 [Trace] [Reverse]
Server GEO: Latitude: 20° North / Longitude: 77° East / Distance: 12,721.75 km (7,904.93 miles)
Server Location: India

DNS Records Analysis

ihtts.com has address 31.192.109.216
www.ihtts.com has address 31.192.109.216
Websites Hosted On Same IP Address Analysis

The server IP address of Ihtts.com is 31.192.109.216, we have found 6 websites hosted on this server.
You also from here to view more infomations, or view websites hosted at the same network as Ihtts.com from here.

Rank Domain IP Address
#1,681,344 photo1998.com IP address: 31.192.109.216
#4,424,650 album92.com IP address: 31.192.109.216
#2,535,578 albums96.com IP address: 31.192.109.216
#11,508,184 albums99.com IP address: 31.192.109.216
n/a stphtm.com IP address: 31.192.109.216
n/a album32.com IP address: 31.192.109.216

»www.statscrop.com/www/ihtts.com
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Snowy

The last scam like this back in May 2012 used this site

»www.statscrop.com/www/loginhtn.com



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

reply to Name Game

said by Name Game:

Exactly that is why it is a fake site..and this link posted above explains the redirect.

Not busting your b's at all but there are a few accepted terms used to describe phishing components
The site "album32.com" isn't a 'fake' site.
It's acting as a 'redirector'.
A redirector redirects to either another redirector or to the actual phishing page.
album32.com = 'redirector' or 'redirector page'.
Whereas .ihtts.com/index.php?s=dot is the 'fake' page or preferably referred to as the 'phishing page'.
One reason making the distinction between a redirector & a phish content host matters is that different approaches will be made regarding whether a page is a redirector or a phish content host.
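
Added example, not part of any post in this thread: a small Python check that labels each hop of a recorded redirect chain as redirector or landing page and flags a landing host that carries a protected domain as leading labels while being registered elsewhere, as the ihtts.com hostname above does. The chain is constructed from the thread's description; the status codes, the `BRANDS` set and the two-label registrable-domain shortcut are assumptions.

```python
from urllib.parse import urlsplit

BRANDS = {"facebook.com"}            # domains to protect (assumption for this example)
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed capture of the chain described in the thread. URLs stay defanged
# (hxxp); the status codes and Location header are assumed, not recorded data.
PHISH = "hxxp://www.facebook.com.login.php-profile-signin-gkmeydlw.ihtts.com/index.php?s=dot"
CHAIN = [
    {"url": "hxxp://album32.com/", "status": 302, "location": PHISH},
    {"url": PHISH, "status": 200, "location": None},
]

def registrable(host):
    """Simplified registrable domain: the last two labels.
    Production code should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def embedded_brand(host):
    """Return a protected domain that appears as labels inside host although
    the host is really registered under a different domain, else None."""
    if registrable(host) in BRANDS:
        return None                   # genuinely under the brand's own domain
    labels = host.lower().rstrip(".").split(".")
    for brand in BRANDS:
        want = brand.split(".")
        for i in range(len(labels) - len(want) + 1):
            if labels[i:i + len(want)] == want:
                return brand
    return None

def classify_chain(chain):
    """Label each hop as 'redirector' or 'landing' and flag brand imitation."""
    report = []
    for hop in chain:
        host = urlsplit(hop["url"]).hostname
        is_redirect = hop["status"] in REDIRECT_CODES and bool(hop["location"])
        report.append({
            "host": host,
            "registrable": registrable(host),
            "role": "redirector" if is_redirect else "landing",
            "imitates": embedded_brand(host),
        })
    return report

if __name__ == "__main__":
    for row in classify_chain(CHAIN):
        print(row)
```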


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

It's fake.. In fact it is a fake thingie. And people that get hit with it could care less what the mechanic calls it..

»www.mywot.com/en/forum/18626-fac···7411#new

fake 1 (fk)
adj.
Having a false or misleading appearance; fraudulent.
n.
1. One that is not authentic or genuine; a sham.

»www.thefreedictionary.com/fake

and ihtts.com is not fake..it is up and running and doing its thing
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

said by Name Game:

It's fake.. In fact it is a fake thingie. And people that get hit with it could care less what the mechanic calls it..

Ok, I tried.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Re: Facebook-Email Telling Picture on Album 32 dot Com? Scam???

same server..IP

--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 edit

1 recommendation

If the redirector(s) & phish page are both on the same server I can see why you chose that server.
That says a lot about the miscreant behind it.
Getting back to OP, yes, your facebook login credentials were the only thing at risk.
No driveby downloads etc.., to be concerned over.

Edit to add: *If* you had submitted your facebook login to the phish page &, as Name Game pointed out, you use the same password to log in to other web based services, you should worry about those services also being compromised.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Yes and all these have been like that..granted not in all cases are they the same place..but if you look at this one..and the last three like it..has to be the same group or person...I think your group goes after them when the file is complete..and then hands it over to authorities..like at Computer Cops years back etc and maybe that group even shut down the server sooner..Lots of hard work done and still goes on I am sure.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Snowy

"your facebook login credentials were the only thing at risk."

Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook..



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

said by Name Game:

"your facebook login credentials were the only thing at risk."

Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook..

My edit to add was posted prior to this.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

OK..I wonder if it is yahoo email people who are getting this wave of email...so far seems all are yahoo customers..but not sure yet.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to Name Game

said by Name Game:

"your facebook login credentials were the only thing at risk."

Yes but the login is an email address..and for most people a good one they use all the time...and I would say 90% use the same password for that email addy and their facebook..

If I did have a Facebook account this would not be the case for me.
Anyhow, users have got to start practicing safe hex and don't be stupid and use the same password for email and Facebook. Never use your email passwords for anything else! And be sure you write them all down and put the list in a safe place or use a Password Manager if you trust them....I've had bad luck with them so I don't use them.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


carpetshark3
Premium
join:2004-02-12
Idledale, CO
Reviews:
·CenturyLink
reply to Name Game

said by Name Game:

OK..I wonder if it is yahoo email people who are getting this wave of email...so far seems all are yahoo customers..but not sure yet.

Haven't seen it on the junk Yahoo account I signed up for FB with.
All I get from FB is that so and so added a friend. If I ever posted on FB, it was to a company who decided to run customer service that way. I just read friends' posts and email them. (the friends)


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
reply to Name Game

Not seen on one that I have.



burner50
Proud Union THUG
Premium
join:2002-06-05
Fort Worth, TX
kudos:1
reply to amark

The melon between your ears is the best protection available