Why MySpace Password Phishing Happens So Often

Identity Theft - Phishing : Why MySpace Password Phishing Happens So Often

Posted by Max on 2007/5/2 15:32:09 (1681 reads)

Breaking into somebody else's MySpace account has gotten a lot of attention recently, with a wicked fight between hot celebrities Shanna Moakler, Lindsay Lohan, and Paris Hilton.

But supposing you're not Paris, why would anyone want your MySpace password? And assuming you're smarter than Paris and don't use your dog's name, how would they get that password?

Well, they'd want it for a number of reasons. One would be to spam your friends through the MySpace comment and message system-- people are far more likely to open a message if it appears to come from a friend or colleague, after all.

They can also use your MySpace profile to direct your friends and acquaintances to dangerous or crooked websites. Finally, they can try your username and password combination on other websites: maybe myspace.com/secretlyironic has the same password as secretlyironic @ yahoo.com, and maybe there's a bank account with that same user name and password.

We don't have to tell you what happens then.
To start harvesting passwords, an attacker starts with a fake profile of their own, and begins collecting friends and posting on messageboards to attract traffic to the profile. It's easy enough to overlay a transparent image on a page making any click direct readers to any site you like.

Password thieves will use that trick to get victims to a page that looks exactly like a MySpace login screen, and prompt them to login. When they do, they'll end up back at the MySpace home page, apparently logged in. It looks like an accidental logout, but it's not: they've just handed their credentials to a stranger.

About 90% of the phishing sites we find and flag as red are aimed at MySpace, and many of them have names designed to look like MySpace-related URLs: loginyspace, myspacev, and rmnyspacies, and so forth. They also come and go quickly-- none of those sites even exists right now.

To avoid getting caught, always double-check the URL when you get an unexpected login prompt. To minimize damage if you do get hacked, use different passwords for your social networking account and your bank account, and report any unauthorized access immediately.

Previous article - Next article

Other articles
2008/8/21 15:52:01 - BitRoll and Torrent101 Used to Distribute the Lop Adware
2008/8/20 15:06:33 - FRAUDFacts Helps You Fight Identity Theft and Fraud for Life
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft

The comments are owned by the poster. We aren't responsible for their content.