Architecture, Application Security

Spammers use MySpace.com in phishing attack

October 13, 2006

Spammers are using the MySpace brand in a phishing attack on music fans, a major security vendor reported today.

In a global campaign, the criminals used the name of the popular social networking site in an attempt to phish information from email recipients.

The phony emails were spammed out to hundreds of thousands of computer users last week enticing them to click on a link to a sham website posing as an online music store.

The message prompts the user to click on a link to MySpace.com. But, instead of directing the person to the website, it takes them to a different site appearing selling MP3s and encourages them to buy and download songs. Furthermore, the spammers include a fake boilerplate text in the email to dupe users into thinking it is legitimate.

The site, which only had its domain registered on Oct. 5, claims to be based in Lappeenranta, Finland, but has no connection with MySpace and reports suggest it is a con.

Graham Cluley, senior technology consultant at Sophos, said: "By making the headlines nearly everyday, the MySpace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes."

He added: "This email has been so aggressively spammed out that many of its recipients are not even MySpace users, so common sense should tell them the email is unsolicited and is to be deleted. Anyone who follows the links expecting to get free music, however, is risking handing their email address, credit card numbers and other private information over to the spammers."

He advised all businesses and individual users to protect their email against spam and phishing attacks with appropriate security measures. It is estimated that if this campaign continues, the number of users affected could reach the millions.

prestitial ad