Different name, fashion's the same: Styledash is now the StyleList Blog!
AOL Tech

Phishing's new target: MySpace

Posted Oct 30th 2006 12:06PM by Jordan Running
Filed under: Security, Web services, Social Software

MySpace PhishingThought phishing was just a problem for banks and PayPal, did you? Well, it's entered a new territory: MySpace. And it's got some new tricks up its sleeve. MySpace's iconic Tom Anderson has made a post describing the new attacks that con users into divulging their MySpace username and password. What's interesting about the attacks is that, unlike most phishing sites that must exist on a site other than the official site and whose fake URLs need a keen eye to be identified), these exploit MySpace's customization features to make an ordinary profile at profile.myspace.com look exactly like the official login page. You can see a screenshot of one such phishing profile here. You'll notice that the URL begins with profile.myspace.com rather than the legitimate login.myspace.com, but the page is otherwise indistinguishable from an ordinary MySpace login prompt.

So what are evil phishers using those passwords it collects for? Spamming, of course. Once a phisher has a user's login info they use them to post spam comments and send spam bulletins to that user's friends. How original.

Anderson's advice to MySpace users is that whenever they see a login form they should go to www.myspace.com instead of entering their username and password, which is, in my opinion, no solution at all. It just compounds MySpace's already-jarring interface problems. By allowing arbitrary CSS in MySpace profiles, MySpace has created a huge problem for itself that's going to take a very creative solution.

Tags: login, myspace, phishing, security, tom anderson, TomAnderson

  • Read
  • Permalink
  • Email this
  • Comments [4]

Related Headlines

Reader Comments (Page 1 of 1)

Download Squad Features




View Posts By

Categories
Audio (857)
Beta (345)
Blogging (705)
Browsers (65)
Business (1379)
Design (827)
Developer (939)
E-mail (521)
Finance (128)
Fun (1779)
Games (563)
Internet (4908)
Kids (135)
Office (499)
OS Updates (582)
P2P (182)
Photo (471)
Podcasting (168)
Productivity (1350)
Search (271)
Security (548)
Social Software (1136)
Text (440)
Troubleshooting (52)
Utilities (1995)
Video (1036)
VoIP (140)
web 2.0 (802)
Web services (3382)
Companies
Adobe (188)
AOL (51)
Apache Foundation (1)
Apple (477)
Canonical (35)
Google (1334)
IBM (30)
Microsoft (1323)
Mozilla (475)
Novell (20)
OpenOffice.org (43)
PalmSource (12)
Red Hat (17)
Symantec (14)
Yahoo! (356)
License
Commercial (681)
Shareware (195)
Freeware (2049)
Open Source (925)
Misc
Podcasts (14)
Features (392)
Hardware (167)
News (1129)
Holiday Gift Guide (15)
Platforms
Windows (3694)
Windows Mobile (429)
BlackBerry (45)
Macintosh (2102)
iPhone (104)
Linux (1605)
Unix (78)
Palm (177)
Symbian (123)
Columns
Ask DLS (11)
Analysis (33)
Browser Tips (297)
DLS Podcast (6)
Googleholic (202)
How-Tos (103)
DLS Interviews (19)
Design Tips (15)
Mobile Minute (133)
Mods (68)
Time-Wasters (392)
Weekend Review (40)
Imaging Tips (32)

RESOURCES

RSS NEWSFEEDS

Powered by Blogsmith

Sponsored Links

Advertise with Download Squad

Most Commented On (60 days)

Recent Comments

Urlesque Headlines

BloggingStocks Tech Coverage

More Tech Coverage

Weblogs, Inc. Network

Other Weblogs Inc. Network blogs you might be interested in:

Joystiq
The Unofficial Apple Weblog (TUAW)
Download Squad
Autoblog
Engadget
BloggingStocks