Phishers attack MySpace users

gallery

Phishers are using a fake MySpace webpage to hack into people's bank accounts.

The latest report from security company Fortinet found that hackers have created an exact replica of a MySpace log-in page in order to track personal user details. People who use the site click on a seemingly innocuous bulletin that a trusted friend posts requesting inviting them to watch a video and find themselves asked to log in again by the hackers with a web page masquerading as MySpace.

"We do know that each time a user logs into the mirror site, the bulletin is automatically reposted to all of the victim's friends, and that is how it spreads," said Guillaume Lovet, threat response team leader of Fortinet. "Considering that the average MySpace user has between 100 and 500 friends - that's a huge growth rate considering how often people log into the site."

Lovat said once someone logs into the replica site their personal email addresses and passwords are captured.

"Active email addresses are very valuable to hackers, as they can leverage them to propagate more threats through spam. If you connect the dots, a follow up attack through personal email could lead a user to his or her financial institution site," said Lovat. "Since many people often use the same passwords for many sites on the web (which, of course, they should not do), this opens quite a potential quagmire."

He added that a third of the US population uses MySpace with record labels, television and movie studios, celebrities and politicians using the social network site to promote their identities, projects or causes. "What happens if that kind of information falls into the hands of the wrong person?" said Lovat.

He said that with the information gathered from the exercise, hackers will "now have a roster of millions of active MySpace user emails for more targeted threats."

Email to a friend

Print this page