Phishing's new target: MySpace
Thought phishing was just a problem for banks and PayPal, did you? Well, it's entered a new territory: MySpace. And it's got some new tricks up its sleeve. MySpace's iconic Tom Anderson has made a post describing the new attacks that con users into divulging their MySpace username and password. What's interesting about the attacks is that, unlike most phishing sites (which must exist on a site other than the official site and whose fake URLs need a keen eye to be identified), these exploit MySpace's customization features to make an ordinary profile at profile.myspace.com look exactly like the official login page. You can see a screenshot of one such phishing profile here. You'll notice that the URL begins with profile.myspace.com rather than the legitimate login.myspace.com, but the page is otherwise indistinguishable from an ordinary MySpace login prompt.
So what are evil phishers using the passwords they collect for? Spamming, of course. Once a phisher has a user's login info, they use it to post spam comments and send spam bulletins to that user's friends. How original.
Anderson's advice to MySpace users is that whenever they see a login form they should go to www.myspace.com instead of entering their username and password, which is, in my opinion, no solution at all. It just compounds MySpace's already-jarring interface problems. By allowing arbitrary CSS in MySpace profiles, MySpace has created a huge problem for itself that's going to take a very creative solution.
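The host distinction described above can be turned into a check, sketched here as an added example that is not code from MySpace or from the original post. The two hostnames come from the article; the function names, sample URLs and HTML snippets are constructed for illustration. It shows why a domain-level test ("is this page on myspace.com?") accepts a customized profile, while an exact match on the login host does not.

```javascript
// Hostnames as given in the article; everything else here is constructed.
const LOGIN_HOST = "login.myspace.com";
const SITE_DOMAIN = "myspace.com";

// True when the markup contains a password input, i.e. a credential prompt.
function hasPasswordField(html) {
  return /<input\b[^>]*\btype\s*=\s*["']?password\b/i.test(html);
}

// Naive check: trusts any host on the site's domain. A profile page passes it.
function naiveIsTrusted(pageUrl) {
  const host = new URL(pageUrl).hostname;
  return host === SITE_DOMAIN || host.endsWith("." + SITE_DOMAIN);
}

// Stricter check: a password prompt is expected only on the exact login host.
function classifyPage(pageUrl, html) {
  let host;
  try {
    host = new URL(pageUrl).hostname.replace(/\.$/, ""); // drop a trailing dot
  } catch (e) {
    return "invalid-url";
  }
  if (!hasPasswordField(html)) return "no-login-form";
  if (host === LOGIN_HOST) return "login-host";
  if (host === SITE_DOMAIN || host.endsWith("." + SITE_DOMAIN)) {
    return "login-form-on-user-content-host"; // the case the article describes
  }
  return "login-form-off-site";
}

// Constructed sample pages (paths and markup are placeholders).
const SAMPLES = [
  ["http://login.myspace.com/example", '<form><input type="password" name="p"></form>'],
  ["http://profile.myspace.com/example", '<form><input type="password" name="p"></form>'],
  ["http://profile.myspace.com/example", "<div>ordinary profile, no form</div>"],
  ["http://phish.example/login", "<form><input type=password></form>"],
];

for (const [url, html] of SAMPLES) {
  console.log(url, "naive:", naiveIsTrusted(url), "strict:", classifyPage(url, html));
}
```

The same comparison could run in a proxy or browser extension; the point is that the decision has to key on the full hostname, not on the registered domain.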

Reader Comments (Page 1 of 1)
Christopher Higgins said 4:13PM on 10-30-2006
This isn't necessarily new, the warning has been in place for quite some time now. It's only become a major problem in recent times, where phishers send dozens of spam bulletins and spam group message boards.
The best thing for anyone to do is to change their MySpace password (and e-mail password, as many people have the same password for both).
Nicholas said 10:07PM on 10-30-2006
The best thing to do is to just ditch MySpace completely. Block it from your network.
http://www.pdsys.org/blog/2006/10/25/MySpaceSucks.aspx
Sanjay Goel said 3:17AM on 10-31-2006
MySpace should also adopt a phishing protection mechanism similar to Yahoo's. The Yahoo login screen now has a provision to create a text seal which is unique to your machine. This way all these fake login screens can be easily detected.
Paim said 12:39PM on 10-31-2006
I'm with that guy in ditching MySpace completely. And deleting it from the net.