After yesterday hacking incident on my gf's yahoo mail account, we called and emailed yahoo customer service and answered all of the security question just to prove that she owns the yahoo id. Yahoo then emailed us the new password and we were able to retrieve the account from the bastard.
So how the hacker did it???? It was just a simple page that collects username and password. But he is skilled on "social engineering". At first you will not notice anything because the flow of conversation is friendly.
The yahoo mail phishing webpage was so simple. Last night i debug the page by using fiddler2, a free web debugging tool. So after the victim entered the username and password and clicked the fake Sign On button, the account information will be then be saved in a clear text file that the hacker then can retrieve and used to logon unto the victim's account. After that he will change your password and 0wn your account.
Debugging yahoo mail phishing page using Fiddler2
Saves username and password on clear text
So if you are a victim of such incident, call Yahoo Customer Service, email them and never forget all information that you used during the creation of your account, alternate email, pet's name, birthday, etc. War against cyber crime is true so always be on guard.