Huge MySpace phishing scam
MySpace unwittingly allows users to build fake MySpace login boxes

As spotted by a poster to our phishing and scam forum, MySpace is unable to recognize the risk when a new user sets up their page to host a copy of the MySpace login box that steals passwords: See topic.

We have verified that this simple scam has netted over 700,000 MySpace login email addresses and passwords so far, and the data is still being collected, as these trojan MySpace pages are still scattered all over the site.

The phisher is obviously not interested in stealing fancy background GIFs or music from 700,000 users, but many of those users will use the very same password and email to operate eBay accounts or even PayPal accounts.

Do you keep better passwords for online banking and other activities that involve real risk of loss?

Maxo
Your tax dollars at work.
Premium Member
join:2002-11-04
Tallahassee, FL

Victims

I've seen a number of people who have fallen victim to these scams. I always send them a nice PM telling them to change their password ASAP.

Cop
Premium Member
join:2001-09-05
Auburn, AL

yep

Yep, see it happen all the time. All they have to do is change their passwords and they're good to go.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

Re: yep

said by Cop:

Yep, see it happen all the time. All they have to do is change their passwords and they're good to go.
Can you send 700,000 PMs when all you have is an email address for each? Would they read their email and believe you if you sent 700,000 emails?

rogue_
I Have A Secret Window
Premium Member
join:2001-10-17
Lake Hiawatha, NJ

Re: yep

myspace would delete your account for sending 700,000 e-mails.. Ain't that a hoot! Here you are trying to help out and they remove your ass..

Cop
Premium Member
join:2001-09-05
Auburn, AL

Re: yep

Tom puts up posts saying if you see bulletins posted under your name that you didn't post, to change your password. Hopefully people are smart enough to take the advice.

kaisa
Premium Member
join:2002-08-20
Chicago, IL

Re: yep

How many people will change only their myspace passwords, and not think about their ebay/email/paypal? I'm willing to bet a lot of the myspace crowd uses the same passwords for everything.

DiscardedVet
Premium Member
join:2005-04-06
Sturgis, SD

to Cop
said by Cop:

Tom puts up posts saying if you see bulletins posted under your name that you didn't post, to change your password. Hopefully people are smart enough to take the advice.

Changing the password is irrelevant, considering the password is retrieved via the malicious login page.

DV

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

Re: yep

said by DiscardedVet:

said by Cop:

Tom puts up posts saying if you see bulletins posted under your name that you didn't post, to change your password. Hopefully people are smart enough to take the advice.

Changing the password is irrelevant, considering the password is retrieved via the malicious login page.

DV
No, it is irrelevant that "tom" puts up messages like this. People who lost their email/password combinations in this event are never going to see anything disturbed in their myspace account, because the thieves are not the least bit interested in logging into myspace and putting up joke posts.
They are going to take this file, or have already, and they are going to run it through every juicy email+password type validation system they can find.
Paypal allows logins with just your email and password. Ebay as well. Most email accounts (yahoo mail, gmail).
Bank sites, usually not. Usually you also have to know a username and a password.

hayabusa3303
Over 200 mph
Premium Member
join:2005-06-29
Florence, SC

lol

One more reason to stay away from that web site.

Breeding ground pedo, viruses myspace is.

dardin
join:2002-11-19
Tucson, AZ

Member

Re: lol

Couldn't agree more. Myspace is like the new AOL.

enrolk
join:2002-04-23
Murrells Inlet, SC

Member

to hayabusa3303
It's like a Sears catalogue for pedophiles.
They probably start drooling as soon as they log in.

Jehu
Premium Member
join:2002-09-13
MA

Yep

"Do you keep better passwords for online banking and other activities that involve real risk of loss?"

I do, I have various "trash" passwords and the select few I use for important stuff.

fcisler
Premium Member
join:2004-06-14
Riverhead, NY

1 recommendation

WOW

MAN, people are gullible....

they post the image "check to say it says..." and give you an image TO SHOW YOU WHAT TO LOOK FOR!

Even at THAT, they have a 4MB and 1MB text file of login:passwords.....wow.....

So anyone notify iPowerWeb yet - 72.22.69.47 ?

Steve
I know your IP address

join:2001-03-10
Tustin, CA

Re: WOW

said by fcisler:

MAN, people are gullible....
This phish was expertly done and hosted on myspace.com - it would have legitimately fooled even most experts.

We tell people to watch the URL (in general), but that wouldn't have been good enough here: the fact that the picture shows "login.myspace.com", but the page itself is myspace.com is enough that it would take exceptional caution to notice something was wrong.

Steve

dvd536
as Mr. Pink as they come
Premium Member
join:2001-04-27
Phoenix, AZ

1D1075

Only idiots use the same passwords for everything. I use a different one for each site.

ctggzg
Premium Member
join:2005-02-11
USA

Re: 1D1075

said by dvd536:

Only idiots use the same passwords for everything. I use a different one for each site.
Only idiots use a different password for every single site.

Dagda1175
join:2001-06-17
Goleta, CA

Member

ANY site you have a password for...

...you should change it every three months.

koam
Pink Pecker
Premium Member
join:2000-08-16
East Puddle

this is very old news

I noticed this probably 6 months ago when it was widespread. I haven't seen it crop up in many months.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

Re: this is very old news

said by koam:

I noticed this probably 6 months ago when it was widespread. I haven't seen it crop up in many months.
Why didn't myspace apply filters to stop this kind of thing -- 6 months ago?
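
One form the filter asked about above could take, as an added example that is not part of the thread or MySpace's own code: a check over user-submitted profile HTML that flags password fields and forms posting to another host. The host allow-list, the function names and both sample fragments are constructed assumptions; the thread does not say how the fake login box was built.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of the site's own hosts (not taken from the thread).
SITE_HOSTS = {"myspace.com", "www.myspace.com", "login.myspace.com"}


class CredentialFormFinder(HTMLParser):
    """Records why a user-supplied HTML fragment looks like a login box."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; values may be None.
        a = {name: (value or "") for name, value in attrs}
        if tag == "form":
            host = urlparse(a.get("action", "").strip()).hostname
            if host and host not in SITE_HOSTS:
                self.findings.append(f"form posts off-site to {host}")
        elif tag == "input" and a.get("type", "").strip().lower() == "password":
            self.findings.append("password input in user content")


def review_profile_html(fragment):
    """Return a list of findings; an empty list means nothing was flagged."""
    finder = CredentialFormFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


# Constructed samples: an ordinary profile and one carrying a login-box copy.
BENIGN = '<div><img src="/pics/band.gif"><a href="/friends">my friends</a></div>'
SUSPECT = (
    '<div><img src="/pics/loginbanner.gif">'
    '<form action="http://collector.example/save" method="post">'
    '<input name="email"><input TYPE="PASSWORD" name="pw">'
    '<input type="submit" value="Login"></form></div>'
)

if __name__ == "__main__":
    for label, html in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, review_profile_html(html) or "ok")
```

Stripping form and input elements from profile markup with an allow-list sanitizer is the stronger control; a check like this suits triage of pages that are already live.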

Michail
Premium Member
join:2000-08-02
Boynton Beach, FL

1 edit

Re: this is very old news

Myspace is a mess, buggy, slow, easy to hack, etc. It's like the worst high school clique times 1,000,000. DSLR is a much better site. Too bad Justin didn't get as lucky as Tom and make all those millions.

LegoPower77
Abecedarian
Premium Member
join:2002-08-03
Midlothian, VA

Re: this is very old news

said by Michail:

Too bad Justin didn't get as lucky as Tom and make all those millions.
I agree that DSLR is worth a helluva lot more, but it's not a question of "luck" that one has more popularity. Myspace type sites allow ego-centric kids to focus on themselves; DSLR type sites focus on topics and ideas. What's that old saw: "Small minds focus on people, large minds focus on events, and great minds focus on ideas"?

Given the state of things these days, it's assured that the lowest common denominator is where the money's at. If I were Justin, I would have boundless pride about this site and wouldn't trade it for cheap wealth.

Apropos to the topic, last week, I thought about submitting this article to dslr but didn't because I thought the relevance was just a post on a Friday open thread of a few months ago. But, there is an interesting nexus, N.B.:
Some teens, however, say security and privacy -- already a common concern among parents and teachers -- are dampening their enthusiasm for MySpace.

Over the summer, Birnbaum's friend Chrissy Quantrille discovered an impostor had taken her photos off her MySpace profile, set up a fake page and even used it to establish a romantic virtual relationship with a boy in California.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

Re: this is very old news

kind comments about dslr but myspace is worth the billion news corp paid for it and a whole bunch more! It is a friendster that works, it allows people (of a certain age) to keep up with each other. I guess it continues to launch the careers of musicians as well. It has also been safer than relying on email where emails from friends are scattered among spam and trojans. I doubt many myspace addicts even use regular email anymore for anything other than signing up to sites like myspace!

But I've seen those news stories reporting that some users realized that myspace is where you put friends that you don't keep in touch with anymore, and sending "wassup?" messages to each other or "nice pic!" or "love your new design" is tissue-thin social interaction. While obviously true, I'm not sure if those negatives are large enough to be a growth problem for "Tom".

I saw myspace has slavishly copied craigslist in building a member to member classifieds system. Fascinating to see if this can ever challenge craig -- even with everyone under the age of 26 being on myspace.

Subaru
1-3-2-4
Premium Member
join:2001-05-31
Greenwich, CT

Happened to me

And when I logged back in I saw these messages by me and I was like WTF. As soon as I saw that I changed my password as soon as possible.

Rupert Merd
@ameritech.net

Anon

Re: Happened to me

You were stupid enough to fall for the scam?

PolarBear03
The bear formerly known as aaron8301
Premium Member
join:2005-01-03

Warning In General

This should be a warning in general that you should change your passwords for EVERYTHING often, and use different passwords for each site, especially important sites like anything that involves your money or personal information (bank, paypal, ebay, etc.).

Seven1
join:2002-07-24
Versailles, KY

Member

A simple suggestion

Perhaps MySpace should create a login utility of some sort that resides on the user's computer. The way the scam works is simple, but flawed. It relies on users not paying attention to the address bar (or being so ignorant that they don't know to). I grant that my suggestion is most likely not without flaws itself, but I think it would help deter a lot of people from being scammed. At the very least they should have developers put their minds to it. However, judging by the lack of action and the lack of change of MySpace, I doubt they will do much of anything. It's high time that monstrosity came crashing down anyway.

Tomek
Premium Member
join:2002-01-30
Valley Stream, NY

How it looks like

I've never seen it, I wonder what it looks like?
Most of the people that use myspace are naive when it comes to these things, and how can I inform them of a danger?

steve1515
Premium Member
join:2000-08-07
Peabody, MA

Re: How it looks like

said by Tomek:

I've never seen it, I wonder what it looks like?
Most of the people that use myspace are naive when it comes to these things, and how can I inform them of a danger?
Ya, I'm interested in this...I'd like to know how it's done. All the links I've checked don't work. Has this been fixed?

SynErr
mIRC is my life
join:2006-09-14
Charleston, WV

1 edit

Member

Re: How it looks like

said by steve1515:

Ya, I'm interested in this...I'd like to know how it's done. All the links I've checked don't work. Has this been fixed?

It's not been fixed... it's just hard to find the fake sites and once they are found and reported, they get closed down.

Jameson
Premium Member
join:2004-05-28
united state

Re: How it looks like

I spotted one the other day and reported it to them.