MySpace Yet Again Under Phishers

Phishers are employing a fake MySpace Web page to access people's bank accounts. In its November 2006 report, Security Company, 'Fortinet' describes hackers' activities in designing an identical copy of a MySpace login page to use it for tracking personal user information.

People who visit the site are directed to click on an apparently harmless bulletin that a trusted friend posts inviting to watch a video. It then asks to logon a web page pretending as MySpace.

Fortinet has found that each time a user logs into the replica site, the bulletin automatically appears to all the victim's friends, thereby spreading all over. An average MySpace user generally has 100-500 friends. This indicates how wide would be the particular hacking operation, considering the frequency in which people log into the site, said Guillaume Lovet, leader of 'threat response team' of Fortinet.

Lovet explains that when someone logs onto the duplicate site, the hacker captures his personal e-mail addresses and passwords. For hackers such active e-mail addresses are very precious because they can use them as platforms to reproduce more threats through spam.

Lovet further says, by joining the dots a follow up attack through personal e-mail could take a user to his/her financial institution site. Since a large number of users tend to use the same passwords for various sites on the Net, a mistake they should avoid, this gives way to a potential swamp.

There has been an increase in 'phishing' attacks targeting MySpace users. In October 2006, 'Netcraft', an Internet Analysis Company found that a MySpace.com user had pushed innocent victims into surrendering their account details via a 'phishing' attack. This is how it happened. The user trying to obtain personal details from the popular online community registered an account by the name "login_home_index_html" and modified his account page to reflect the appearance of the MySpace.com login page.

Security experts advise users to be cautious of unsolicited e-mails that offer gainful cash rewards or peculiar videos in return for declaring personal info. Also one should not access a website from an e-mail link but by typing the URL into the Web browser.

Related article: MySpace Wants Apple To Update QuickTime

» SPAMfighter News - 12/7/2006