Why phish myspace?

August 4, 2006

Bear with my geek for a moment if you can stomach it; I just found a soapbox and I’m dying to use it.

First they get your username and password for myspace. Then they start spamming all of us with these ridiculous bulletins. We click on them because we are your friends and we trust you. They, the spammers, do that to get our email addresses. To hawk their wares. Basically because there probably isn’t much, if anything, in the way of anti-spam on the myspace servers. Because maybe if they get your email address and they know that your friend didn’t notice that the URL didn’t say myspace.com verbatim when it prompted them with, “oops you must be logged in,” you might not notice if they sent you an email claiming to be from your bank or mobile phone provider or who knows what these days. Even if you are really good and the URL seems to be on the right site, someone could be pulling strings with that site and URL to dupe you.

After researching a bit, the flash worm may not be the cause of the recent wave of bulletin spam, only a symptom of bad security measures and clever social engineering schemes. Hard to say. If the propaganda site pulls the “oops” trick, who knows how many people doofed and figured myspace had hiccuped and that was why the login prompt came up unexpectedly.

So please, my friends. Be careful and observant. If you get prompted to log in right after clicking on a link in the bulletin, stop and think about the fact that you had to be logged in to see the bulletin in the first place. If you get an email that you aren’t expecting, don’t click on the links. If you do get clicking, look at that address bar very carefully before you ever enter a username and password on any site.
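
For the geeks: here is what "look at that address bar very carefully" comes down to, as an added example that is not part of the original post. It parses a URL the way the browser does and checks whether the host really is myspace.com; the function name, verdict labels and sample URLs are all constructed for illustration.

```javascript
// Added example: is the URL behind a login prompt really on the expected site?
// EXPECTED_HOST, the verdict strings and SAMPLES are constructed for illustration.
const EXPECTED_HOST = "myspace.com";

function classifyLoginUrl(rawUrl, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules the browser applies
  } catch {
    return "unparseable";
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "unparseable";

  // The parser lowercases the hostname; drop a trailing dot (fully qualified form).
  const host = url.hostname.replace(/\.$/, "");

  // Exact host, or a real subdomain such as www.myspace.com.
  if (host === expectedHost || host.endsWith("." + expectedHost)) {
    // Per the post, a matching host is necessary but not proof the page is honest.
    return "expected-site";
  }

  // The expected name shows up in the URL text, but it is not the host:
  // this is the case where the URL "didn't say myspace.com verbatim".
  if (rawUrl.toLowerCase().includes(expectedHost)) {
    return "lookalike";
  }
  return "other-site";
}

// Constructed sample URLs (reserved example domains and a documentation IP).
const SAMPLES = [
  "http://www.myspace.com/index.cfm?fuseaction=login",
  "http://myspace.com.profile-login.example/login",
  "http://www.myspace.com@203.0.113.7/login",
  "http://login.example/?next=myspace.com",
  "http://example.org/",
];

for (const s of SAMPLES) {
  console.log(classifyLoginUrl(s).padEnd(14), s);
}
```
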