The Latest Phishing Attack Uses Image Technique on MySpace
A phishing scheme concentrating on users of MySpace resulted in a rise in the number of visits to fraudulent sites by a multiple of 5. This happened in March and April, according to a Google analysis. Securityfocus published this on June 11, 2007.
This finding, which was also entered on Google's Online Security blog, encourages other study that concluded that social networks are getting increasingly attractive to phishers.
The rise, first of all accounts to sites like MySpace and Linkedln that offer malicious people a continuous flow of individual profiles associated with a particular company or industry and the individuals' inherent trust. Moreover, users often apply the same username and password for multiple accounts. By misappropriating the login credentials of MySpace members the conmen make successful entries into the members' other online accounts, such as banks and web-based e-mail.
The first step in the attack involves modification of the style sheet of a member's profile in order to place a transparent picture over the page. This would encourage the visitor to click on a given link or anywhere on the page that would take him/her to a false MySpace login account, said Colin Whittaker of Google's Anti-Phishing Team, as per the statement posted by Google on its security blog.
Google's blog suggests that the growth in traffic during phishing was reduced in mid-April 2007. MySpace in particular experienced a drop in the volume of its phishing attacks, although Google is not sure of the reason. However, Google thinks it could be due to an upgrade in MySpace's server program that administrators use to erase corrupt links injected into member profiles. Theregister published this in news on June 12, 2007.
Whittaker said the highly sophisticated technique in the phishing attacks, which created almost perfect copies of MySpace login page and even hosted it on botnets points to the need for changing over tactics in combating this latest threat. Securityfocus published this on June 11, 2007.
Most often a MySpace phish uses the site itself as the bait unlike the typical spam mail that dupes the recipient into visiting a spurious site to verify his account details.
Related article: THE SPAM MAFIA
» SPAMfighter News - 25-06-2007