Phishing is a horrible thing. Identity theft is becoming more and more common and the burden is increasingly on the individual to protect themselves, with banks starting to grumble about protecting their customers from scams. Browsers now have anti-phising protection built-in, and we’re all sitting behind firewalls and running regular virus checks with our regularly updated virus protection software. (Right?) Still, the bad guys seem to be staying a few steps ahead of the white hats, using increasingly sophisticated attacks, and basically, it’s all quite scary.

But was there really any need for MySpace to block my account five times this afternoon?

The first time it did it, I was a little concerned, but happy to change my password. Well, I was initially happy, before I had to navigate all of the password-changing requirements: a password that was between 6 and 10 characters long, including a mixture of letters and numbers or at least one special character. I have a list of passwords I generally cycle around accounts, but most of them are around 12 characters long. Eventually I found a suitable one, only to be confronted with the most infuriating CAPTCHA I’ve ever seen. The letters were a mixture of upper and lower cases, some upside down or distorted, and quite frankly, I couldn’t read some of them.

So my efforts to reset my password were rejected and I had to start again.

And again.

And again.

MySpace continually found something wrong. And as soon as I managed to change the account, the “You’ve been phished!” message popped up again and made me go through the whole rigmarole again. I was getting increasingly paranoid that someone really was phishing my account at this stage, till I realised what was triggering it: I was trying to post a bulletin with a link.

Apparently MySpace thinks that’s something only phishers do.

Of course, if a phisher really had obtained control of my account, er, what’s to stop them clicking on the “change password” button and really screwing me up by changing it — and altering the e-mail address associated with the account, to boot?

Bah, humbug. I’m quite angry now. Especially since I can’t remember what the last password I came up with was. And I still haven’t posted that bulletin.