TELECOM Digest OnLine - Sorted: Phishing Scam Takes Aim at

Phishing Scam Takes Aim at

Jeremy Kirk (
Fri, 2 Jun 2006 11:43:19 -0500

Jeremy Kirk, IDG News Service

A phishing site that harvested the login and credentials of users was removed as of Friday from a California server, a
security vendor reported.

A phishing attack involves tricking users into visiting a look-a-like
Web page that asks for personal information, which is then sent to a

The rich trove of personal information stored on MySpace user pages is
making the social networking site an increasing attractive target for
identity theft, said Ross Paul, a senior product manager at Websense,
which makes security software.

Spreading Via IM

The attack would not have been noticed by most users, Paul said. The
attack starts when a user is sent a link through an instant messaging

The link is from someone in their contact lists, asking them to click
the link to MySpace to view photos, Paul said. The link leads to a
fraudulent MySpace login page. Once the victim enters their
information, they are then transparently logged into the real MySpace
pages, Paul said.

But a hacker then has access to personal information stored by
MySpace, such as someone's address and birthday, which could be used
to open a bank account, Paul said.

A hacker can also tap other instant messaging contacts or e-mail
addresses who send out the link to the phishing site, which often is
done using automated programs.

"The rising popularity of this kind of meeting place is obviously
increasing the potential for financial gain," Paul said. "The more
information you give MySpace, the more at risk you would be if someone
managed to get a hold of your login information."

MySpace, started in 2004 and bought by News Corp. last year, counts at
least 73 million users and is growing. MySpace's "viral" networking
model allows friends of friend to easily connect, but sexual predators
have also used its features to meet underage victims.

As a result, MySpace appointed a chief security officer in April and
implemented careful page monitoring.

Copyright 2006 PC World Communications, Inc.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Andrew Brandt: "The Risk of Misplaced Myspace Hysteria"
Go to Previous message: John Mayson: "Cell Phone Towers in U.S. Parks Dial Up Debate"
TELECOM Digest: Home Page