False Representation

Someone sent me a message earlier from an old friend's screen name. I am pretty sure it was not my friend. The friend sent me a link to a web page to see her most recent pics. This, I thought was very odd. Shortly after, another person with a different name IMed me and claimed I knew them. They wanted me to check out the pics to see if I remembered them.
I found this scenario very suspicious...So I investigated.
I eventually came to the conclusion that the person was stealing random people's Yahoo logins and IDs by having them log into their website. The person's website has a false Yahoo Login script. I first suspected something was wrong when it was asking me to sign in to Yahoo when I was already logged in. So...I clicked on "Secure Login"...And it took me to the secure page...Which was not secure. So...I typed random information into the login boxes. It allowed me to go to the site. The person in the IM box stated that the site I was seeing was not her's. I had to log in to see her's.
Of course...This makes no sense. I was not about to type my login info into that.
So...I decided to investigate further.
Inspecting the HTML code resulted in me finding something highly suspicious and possibly illegal. The Yahoo script was definitely false. They had taken all the normal stuff from the normal login script, but they added in 6 hidden tags. The purpose of those tags was to create the environment required to perform the misdeed. Essentially, the tags rerouted the information to an e-mail address. The email address appears to be somewhat random, but it is all routed to the same "account" on some person's form feeder. It e-mails the user name and password to the person hosting the site.
Very clever!
The only thing they needed was to get rid of the fake address in the toolbar and they may have made it seem less suspicious. Fortunately...That is not the case! :-)