Threats of a Phishing MySpace E-mail
Page content

Phishing and MySpace

MySpace is a social networking website where users share personal information with their friends, family or colleagues. Users of MySpace may customize the look and feel of their MySpace pages and create user groups that are similar to forums but the permission to create user groups is for anyone who has a MySpace account.

Like YouTube and other popular social networking services, attempts at phishing MySpace users exists in the form of an e-mail or a webpage. Spammers creates a fake message or webpage with the purpose of stealing login credentials of the victim and also to get access to other valuable information such as credit card numbers, e-mail address passwords, mailing address, social security number or mothers’ maiden name. Anything that will help scammer to profile a social networking service user is an important start for bad guys to start their malicious attacks.

Examples of Phishing MySpace E-mail

I personally do not have a MySpace account but I’m receiving phishing e-mail about a MySpace account. The images below are examples of fake MySpace message:

Phishing MySpace E-mail

Subject: Myspace Password Reset Confirmation

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document. Thanks, The Myspace Team.

Malware Spam: Phishing MySpace E-mail

Both e-mails contain an attachment which is definitely a malware: MySpace_document_82788.zip or myspace_94354.zip. If you have security solutions with real-time protection, the said malware in the email should be detected when you try to download or open. Below are example how Windows Defender and Avira AntiVir caught the malware in the phished MySpace e-mails:

Windows Defender Detected Malware in a Phishing MySpace email

Avira AntiVir Detects Malware in Phishing MySpace message

Another example of a fake MySpace message is below:

Subject: update your MySpace account

Dear MySpace user! Please be informed that you are required to update your MySpace account.Please update your MySpace account by clicking here: https://{afakeorphishingmyspaceURLhere}&email=forums@{youremailaddressdotcomhere}. If you’re unable to click on the link above, copy and paste it into your browser’s address bar.

At MySpace we care about your privacy. This email is never sent unsolicited. If you think you’ve received this email in error, or if you have any questions or concerns regarding your privacy, please contact us at: privacy@myspace.com

Fake MySpace E-mail with Link to Phishing MySpace Page

MySpace users who click on the spoof link will end up giving their login information to a fake MySpace website and the added risk is that you confirmed your email address to the spammer and you may lose access to your account or infect your computer with malware.

Image credits: MySpace logo from https://commons.wikimedia.org/wiki/File:Myspace.svg, screenshot taken by the author.

Security Reports by Security Vendors Include Threats for MySpace

200px-Microsoft - Where do you want to go today.svg

Several security vendors have released a threat report and most of them have one thing in common to report: Cybercrime, cyber war, social networking and data loss and encryption is on top of the threat lists. Examples of the reports come from Sophos and Microsoft:

Halfway through 2010, cybercrime continues to evolve and grow in both scale and sophistication. As social networking becomes ever more deeply embedded in our everyday lives, it has become an ever more fertile hunting ground for those who would steal and abuse our personal information, and compromise and misuse our computer systems to gain financial advantage by stealing our personal or corporate funds or obtaining illicit funds from advertisers or spammers. Just as folks have changed their habits to accommodate new technologies and new ways of conducting their everyday business, so security providers have needed to implement new strategies to cope with the massive growth in new malware and new attack vectors.

https://www.sophos.com/security/topic/security-threat-report-mid2010/. The previous reports from Sophos also inform users on threats on social networks. Microsoft Security Intelligence Report (SIR) Volume 8 for July - December 2009 states:

As published in previous volumes of the SIR, social networking properties suffered the highest total volume of phishing impressions as well as the highest rate of phishing impressions per phishing site.

How to Protect Against Phishing MySpace

It is quite clear that using social networking services may boast identity of an individual or a company but such services are the place where scammers hang out as well. I always recommend to users to only use the services they need. There’s no single social networking service that can escape phishing messages that are similar to a phishing MySpace e-mails. Always delete such unwanted messages and never click on links in email but manually type the URL address of the website you are planning to visit. If you frequently visit MySpace then save it in your bookmarks.

If you would rather prevent your children from using MySpace and protect against such phishing emails, use a parental control software. And of course, always use an up-to-date antivirus program and operating system by installing the security updates.

Note that even Internet users that do not use MySpace can receive phishing emails like the ones I mentioned in the first page of this article. Use anti-spam or e-mail filtering to immediately get rid of such spam and phishing messages.

Image credit: Microsoft logo https://commons.wikimedia.org/wiki/File:Microsoft_-_Where_do_you_want_to_go_today.svg