Myspace phishing in practice
So, yes, this is about the twentieth post here about Myspace: Netcraft is reporting a sighting of a Myspace phishing page.
Now, this is a more old-school definition of phishing -- after all, this is merely a user/pass collection scheme, rather than a financial attack. And does it really matter if your Myspace account is hijacked?
Well, probably -- it's not too much of a stretch to believe that if a victim is on Myspace, he shares a user/pass between that and his e-mail, and if he does any sort of business online, you can bet that he shares a password with that service, too. Or, at the very least, the attacker can hit a button that says "I forgot my password" and get a reset notification sent to his victim's compromised e-mail account.
Oh, and as of this writing, the fake login page is still up. I'm sure Myspace has a reason why takedown is lagging so far behind the report. Check it out. If you have a Myspace account, um, don't log in.