The user sent the ifeng URL, but it was the QQ space after it was opened. Is it always prompted that QQ was not logged on? It turns out to be a sinister scam

At noon, I received a message from a QQ friend:

XXXXXXXXX 12:46:53
Http://big5.ifeng.com \ gate \ big5 \ 180.178.37.12? 9688 do you know her?

 

It looks like a webpage of phoenixnet. You can click it to open it directly, but the image of a QQ space is not displayed in IE.

However, the address displayed in the browser title and address bar is not like a QQ space. What's more suspicious is that my QQ account has already logged on. Why does it prompt me that I have not logged on? Should I enter the QQ number and password?

 

View the source code of the webpage and find:

 

<!-- saved from url=(0037)http：//pek．hout7．com/314025954/m7．asp -->

The image of a QQ space we see is through code:

<IFRAME id=test height=900 src="http：//471711545．qzone．qq．com/photo/" frameBorder=no width="100%" name=test scrolling=no></IFRAME>

 

Introduced, and the logon box is also through:

 

<IFRAME id=embed_login_frame height=240             src="index_files/login1．htm" frameBorder=0 width=380             name=embed_login_frame scrolling=no             tppabs="login1．asp"></IFRAME>

Introduced.

Check the http: // 180.178.39.252/B18/index_files/login1.htm code and find that the link is false.

 

Enter a hypothetical QQ number and password at will, enter the correct verification code to log on, and switch to http: // 180.178.39.252/B18/index2.asp in the browser, prompting that the user name or password is incorrect.

Return to http://big5.ifeng.com \ gate \ big5 \ 180.178.37.12? 9688. You are still prompted to enter the QQ number and password. Enter the hypothetical QQ number and hypothetical password again. If you do not enter the verification code, click log on. the browser will jump to http: // 180.178.39.252/B18/mibao.htm.

 

 

Some functions of your QQ account are temporarily restricted! The QQ Security Center has detected exceptions in your account. To protect account security, the system temporarily restricts some functions of your QQ number. After the restrictions are lifted, the system can be used normally!

 

However, the URL http: // 180.178.39.252/B18/mibao.htm displayed in the address bar is obviously different from the URL aq.qq.com marked on the top of the page!

Check the webpage source code and find:

<Link href = "Pat network-authentication. Files/base1.css" type = text/CSS rel = stylesheet tppabs = "http://consignnent5173.cn/detail/91.files/base.css">

And other information, it seems that some content of this web page is saved from the Pat network.

 

Click "Remove restriction" to jump to the browser:

The URL http: // 180.178.39.252/B18/mibao2.asp displayed in the address bar is obviously different from the URL aq.qq.com marked on the top of the page!

 

On this page, select the password protection question and enter the answer!

After several tests, we can see the following tricks:

 

1. Trick a user into opening a Web page.

2. Obtain the user's QQ number and password. Prompt the user to enter the QQ number and password on the scam webpage. Because the real QQ space information displayed on the scam page is quite tempting to show album information of a certain mm in this example! After obtaining the QQ number and password, the system prompts that the password is incorrect and prepares for further deception;
3. defraud users of QQ confidential information. Prompt the user to enter the QQ number and password again, and then prompt "Some QQ account functions are temporarily restricted !", Trick users into choosing password protection questions and entering answers!

 

A link is rather sinister! We need to improve the efficiency!

 

He called the QQ friend and learned that he was not on QQ at the time ,...... He immediately changed his QQ password and told other QQ friends to watch out!

 

Finally Open the http://big5.ifeng.com, found not Phoenix net