Search

  
 
MySpace phishing scam targets music fans


October 14 2006

MySpace phishing scam targets music fans

 


Con-men have developed a phishing attack targeting MySpace music fans that highlights the evolving use of social engineering techniques in money-making spam emails.

Junk emails featuring the attack have been spammed out to thousands of computer users around the globe in the last week, to trick them into visiting one of a series of bogus websites that pose as an online music store. The emails typically pose as MySpace contact emails, increasing the chances that prospective marks will be duped by the messages.

The message in the email informs recipients, "You've got a new song from <name> on MySpace!", and invites them to click on a link that directs them to a site claiming to sell MP3 music.

The sites, one example of which only had its domain name registered on 5 October and claims to be based in Lappeenranta in Finland, have no affiliation with MySpace, UK-based security firm Sophos reports.

The goal of the attack is to trick prospective marks into handing over their names and credit card information to fraudsters. In a bid to make the bogus email appear more legitimate, con-men have included fake MySpace boilerplate text in their messages.

MySpace boasts an estimated 43m users, far more than any online bank, so even though their spam emails are being distributed indiscriminatingly they are far more likely to reach users of the targeted service, as net security appliance firm Fortinet notes.

Fortinet has recorded more than 50,000 of these spam emails over the past nine days. The attack, which originally targeted surfers in Japan, has spread worldwide and uses a variety of bogus websites. Users foolish enough to attempt to purchase music albums from these sites (offered at $2 or less) will find that their purchases don't do through. The sites are designed purely to harvest credit card details for subsequent fraudulent use.


 

Reproduced from an article published by The Register
© The Register

The original article can be viewed here:
http://www.theregister.co.uk/2006/10/14/myspace_phishing_scam/

 Bookmark Digg this story

RSS feed  |  About RSS feeds

Get the Industry's top stories delivered straight to your inbox...
Firstname:

Surname:

Email:

Frequency:
 Daily  Weekly
 
© 2003-2009 Global Secure Systems Ltd | Terms and Conditions
 
Industry News
Case Studies
White Papers
Press Releases
Vulnerability Advisories
Monthly Newsletter Archive
Bandwidth Management
Consultancy Products
Content Control
Desktop Protection
Email Management
Encryption Solutions
Firewall/VPN Solutions
Identity and Security
Intrusion Management
Network Optimisation
Secure Remote Access
SIEM (Event correlation)
Strong Access Control
Vulnerability Management
Web Services Security
Wireless Security
About GSS
Supported Charities
Partner Accreditations
Exhibitions & Events
Contact Details
Location
Careers
Terms & Conditions of Sale
Network Penetration Testing
Web Application Testing
Managed Vulnerability Scanning
Citrix ESA
Wireless Scanning
GCSx ITHC Testing
Vulnerability Advisories
ICS Catalogue