MySpace Phish Tricks

[ad name=”Gamefly”]

It’s been a busy week for the spammers over at MySpace. No doubt you’ve already heard about StalkerTrack. That’s the “service” that spams people with a product that’s “in development.” And they ask you to provide your MySpace username and login-just to make sure you’re a real MySpace client (wink-wink). And WAY down in the small print they admit they will use your profile to contact other MySpace users to notify them about this wonderful product (that’s the spammy part). They HIJACK a profile and then send the spam pretending to be somebody you know. Here’s the current image they’re using.

stalk1.jpg

 

So that strategy is light phising and they do admit what they’re up to. You can learn how to avoid a phishing attack with Anonymous Surfing. But have you seen the latest phish trick? It’s straight up redirection to a false MySpace page. Where they collect valid user info. And just like StalkerTrack they post bogus comments on your profile. In this case it’s a sexy girl video.

fake3.jpg

Now regular users KNOW that to accept a comment with embedded video they have to approve it from their inbox. But out of curiosity most people click “play” on the video which takes you to this page…

fake1.jpg

Yes! A fabulous fake login that looks like it COULD be the real deal. And they present you with “we had a technical issue” con job, and ask that you provide your username and login. But if you look at this URL you might notice some odd characters in there. Takes me back to the ol’ fake PayPal days. Ah, memories.

fake2.jpg

Earlier this week I posted a bulletin at MySpace to the other users, but I think I’ll try to notify MySpace itself about this security breach.

And down here are 2 more comment messages that are spam, and usually means a person’s profile is being used.

spam.jpg spam11.jpg

More examples keep rolling in, so I’ll just make them thumbnails and you can click on them to get bigger pics.

myfake.jpg

And this one leads to a WHOLE fake page like the one above, except it doesn’t give you an error page but what looks like the official MySpace start page.

myfake1.jpg whole-fake-page.jpg

fake-login-page.jpg fakelog.jpg

And here’s the latest group I found. It’s not the usual image phish, but a TEXT spam. Remember, click thumbnail for full size image.


Anonymous Surfing Free Trial 468x60

fakemail.jpg fake-comment.jpg spam.jpg

This is a whole FAKE PERSON. Normally the fake profile is a young white girl in some sort of sexy pose. This one is special because it’s a Latina, and “she’s” got about 50 friends already (including me!) who thinks she’s real.

fake-person.jpg
[ad name=”crazy-egg”]

4 thoughts on “MySpace Phish Tricks

  1. Yep. I fell for the stalker spam. Got my account hijacked. Got an annoyed message from one of my friends and think I lost a couple more because of it. Live and learn.

  2. Hi Hayley,
    Thanks for visiting. The main thing is you’re now aware. It’s insidious, stuff; using a friend’s profile to contact you with, what seems like, helpful or fun items.

    Just keep in mind this is their JOB, trying to figure out how to fool people, so they’re pretty experienced. That fake website one is downright dirty.

  3. Hi, Dave.

    Think you’ve got it all just about covered here… except for the “free Macy’s $500 gift card” or whatever gift card or penile enlargement scam they’re running this week.

  4. Hey Julie!
    Thanks for stopping by.

    And yeah I’ve seen that Macy’s one but I haven’t actually had that ugly thing pasted on my profile yet. But when I do I’ll post a copy here so people can see what you’re talking about.

Comments are closed.