brandon1234
@comcast.net
1 edit
 from:
xmrocks 
| huge myspace phishing scam
at the moment there's a large phishing scam circulating around myspace
there are a lot of fake profiles setup like »www.myspace.com/118474060 that have really authentic looking login screens
the login info is sent to an external site
judging by wget | wc it looks as though nearly 700,000 people have been duped by this so far |
|
removed
Crisis Management Squad
Premium,VIP
join:2002-02-08
Houston, TX
clubs:
| Wow, that's an impressive list. But 700,000 isn't all that surprising considering the fact that most MySpace users are, well, idiots.
What kind of stuff are these accounts being hijacked for? There's no financial information on MySpace - nothing worth stealing, IMO.
--
irc.removed.us - #dslr | DSLR Phishtracker | Morning Glory Comics | Email: removed@dslr.net | Phone: 718-606-4100 |
|
brandon1234
@comcast.net
from:
xmrocks
| reply to brandon1234
was wondering the same thing myself. i guess they could be hoping that some people have the same info for ebay/paypal/etc, but then again everyone on myspace is like 13 and has nothing worth taking |
|
xmrocks
Premium,MVM
join:2003-09-23
clubs: 
 ·Comcast
1 edit | reply to removed
said by removed :What kind of stuff are these accounts being hijacked for? There's no financial information on MySpace - nothing worth stealing, IMO. Maybe they are stealing the "oh-so cool backgrounds" the idiots of MySpace are using these days  MySpace is such an eyesore!
I guess if the MySpace user uses the same login, as brandon1234 mentioned as eBay/Paypal/their e-mail service, the e-mail address could be stolen and used to send out more phishing and/or scam e-mails that have more value to them (i.e. for banking, etc).
Or maybe it's just the pride oh saying "Yeah, I stole X amount of MySpace passwords!"
Edit: Just to prove my point (not that it needs to be or whatever), I picked a random user in that list, went to their e-mail server site, entered in their e-mail address and password and I'm now into their e-mail.
--
I don't tolerate phishing - >>phishtracker |
|
removed
Crisis Management Squad
Premium,VIP
join:2002-02-08
Houston, TX
clubs:
| Hmm, that's a very interesting point. Out of 700,000 harvested accounts at least 5% of them are bound to have an active PayPal account. 5% of 700,000 = lots and lots of disputed PayPal charges.  |
|
28482647
Premium
join:2003-05-13
England | reply to brandon1234
Oh dear :| Anyone reported it or anythin? |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| said by 28482647 :Oh dear :| Anyone reported it or anythin? Yes the news has been passed to on to them.
Hopefully they will quickly write a script to take down all the fake pages and block new ones.
This isn't going to help the 700k+ people in the list whose email/password combinations are now pocketed, however.
Will MySpace grab the same archive file the phisher has already got, and inform everyone by email to change their passwords on other sites, if they share the same password? |
|
28482647
Premium
join:2003-05-13
England |
MySpace is a heap, I doubt they even care tbh.
It's wild how users can edit their pages so much so that it can be faked like that. :\ |
|
brandon1234
@comcast.net | reply to brandon1234
amazing that those pages are STILL up now.... |
|
xmrocks
Premium,MVM
join:2003-09-23
clubs:
·Comcast
| MySpace was never known for security. I am willing to bet that they'll still be up tommorow, too, unfortunately.
It honestly doesn't surprise me one bit. There's really no excuse for them to still have the page up, though. They were warned about it.
--
I don't tolerate phishing - >>phishtracker |
|
icex _
Premium
join:2004-05-22
USA
clubs:
1 edit | reply to brandon1234
fyi for anyone that wants to know the fake login link website is »:xxxxx
--
Team Discovery
mod edit: There isn't a good reason to post the link |
|
exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
clubs:
·Cox HSI
·Suddenlink
 ·Cingular Wireless
 ·AT&T Southeast
·Charter Pipeline
2 edits | said by icex _ :fyi for anyone that wants to know the fake login link website is » :xxxxxxxxxxxxxxx I just dug around and was about to post the same thing.
Edit: It looks like that site might also be involved in a watch scam. Google it.
--
"I have measured out my life with coffee spoons..." - T.S Eliot
I'll take "things only I know" for a thousand Alex.
|
|
M A R K
St. Ides Heaven
Premium
join:2001-06-15
Long Island
clubs: | reply to brandon1234
How do we now what to even look for?
--
'Posthumously Young' |
|
garys_2k
join:2004-05-07
Farmington, MI
 ·Future Nine Corpor..
·Vonage
| said by M A R K :How do we now what to even look for? If it's a myspace login the url should be "login.myspace.com" and nothing else. |
|
