Spammers use MySpace in phishing attack

In a global reaching campaign the criminals used the name of the popular social networking site in an attempt to phish information from email recipients.

The emails were spammed out to hundreds of thousands of computer users last week enticing them to click on a link to a sham website posing as an online music store.

The message prompts the user to click on a link to MySpace. But, instead of directing the person to the website it takes them to a different site appearing to sell MP3 music and encourages the individual to buy and download tunes. Furthermore, the spammers include a fake boilerplate text in the email to dupe users into thinking it is legitimate.

The site, which only had its domain registered on 5th October, claims to be based in Lappeenranta in Finland but has no connection with MySpace and reports suggest it is a con.

Graham Cluley, senior technology consultant at Sophos said: "By making the headlines nearly everyday, the MySpace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes."

He added: "This email has been so aggressively spammed out that many of its recipients are not even MySpace users, so common sense should tell them the email is unsolicited and is to be deleted. Anyone who follows the links expecting to get free music, however, is risking handing their email address, credit card numbers and other private information over to the spammers."

He advised all businesses and individual users to protect their email against spam and phishing attacks with appropriate security measures. It is estimated that if this campaign continues the number of users affected could reach the millions.

attackinmyspacephishingsecurityspammersuse