Yahoo password recovery method – An Analysis
A friend of ours asked us “is it possible to retrieve yahoo password”. On further discussion we found out that he was waiting to get the password from an old password recovery scam. We wonder why people tend to still believe that these type of tricks work. He told us that he got the link from Google, curious to find how many scams are out there, we also did the same. Shockingly we find so many scams on the internet and many of these ranks number one in Google. “Hacking yahoo password”, “yahoo password recovery” “hotmail password recovery” etc gave us so many results and many of them with bogus write ups like this. Let’s explain why you should not believe in such scam
The write up starts like this in page filled with advertisement. We are sure that the person behind this is making so much money out of this.
Need to hack yahoo passwords?
[this phrase goes as the main title and html title. Good way to listed number one in google and gain good ranking for this keyword.]
It is possible and it is easy. This way of hacking into Yahoo email accounts was brought to my attention by a friend of mine who is a bit of a computer wizard. I have tried the method a least a dozen times and it has worked on all but 2 occasions, I don’t know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address. This is how it is done:
[Convincing with a good story]
STEP 1- Log in to your own yahoo account. Note: Your account must be at least 30 days old for this to work.
[He just don’t want us to make a new test ID and try. This 30 day clause will tempt us to try with our working IDs. Tricky man… tricky]
STEP 2- Once you have logged into your own account, compose/write an e-mail
to: RETRIVE_PASS_KEY_CGI_BIN@yahoo.com This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have ‘forgotten’, after receiving the information you send them.
[It's cheating! Why should yahoo makes a mail box listen to password request?. It can do it with a simple webpage. So it’s the hackers email id. Yahoo wont allow users to create email ids with “yahoo” string any where in the email. You will see several variations of this email like yah00 etc. So its not a legitimate email id of yahoo]
STEP 3- In the subject line type exactly: ” PASSWORD RECOVERY”
[Obvious … May be he wants to filter the number of fools]
STEP 4- On the first line of your mail write the email address of the person you are hacking.
[Waooow]
STEP 5- On the second line type in the e-mail address you are using.
[why so? I want to break someone else id.. Why mine?]
STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the Yahoo Server to extract the other email addresses password. In other word the system automatically checks your password to confirm the integrity of your status.
[Very funny… An email with #3 as password. This is the one line which should make you suspicious, else … sure you need some check up ]
The process will be done automatically by the user administration server.
[Good, nice server]
STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly:
cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}
[Well, yea adding lil technical stuff to gain user confidence. ]
so for example if your yahoo id is :
David_100@yahoo.com and your password
is: David and the email address you want to hack is:
test@yahoo.com then
compose the mail as below:
To: RETRIVE_PASS_KEY_CGI_BIN@yahoo.com
bcc: cc: (Don’t write anything in cc,bcc field)
Subject: ” PASSWORD RECOVERY ”
test@yahoo.com
David_100@yahoo.com
David
cgi-bin_RETRIVE_PASS_KEY_CGI_BIN/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}
[Thank you for that nice example.]
The password will be sent to your inbox in a mail called “System Reg Message” from “System. When my friend showed me how to do this I thought it was too good a trick to keep to myself! Just try and enjoy!
[Hahaha … don’t wait its not going to come in the near future and instead, someone else is going o break into yours. Beware …]
Anyway our friend has just reset his password just in time…
I did not work.
ReplyDeleteThanks
Rob