Tom from MySpace got phished

Phishing is a major problem on MySpace because of the ability to style pages with CSS. Spammers set up account pages disguised to look like the standard MySpace login page and then capture login info for users. Shortly after they capture your info, a bunch of spam bulletins get posted under your name and all your friends realize you’re not very smart. It doesn’t seem to be happening as much now, probably because users are looking out for it, but it still happens. Sometimes to people that should reallllly know better.

Yesterday Tom Anderson got phished. Tom’s the co-founder of MySpace and is the default friend for new sign ups. With 148 million friends, posting a bulletin on Tom’s account can generate a LOT of traffic. While the bulletin was still live (it was deleted pretty quickly) I couldn’t get to the attacker’s website. I got to it later on and it’s disguised to look like a MySpace sign-in page. I’m guessing they got info on a lot of user accounts. The page has now been deleted and I can’t find much anywhere on the site. It’s hosted out of Singapore and registered to Marc Olano. For his sake I hope his site was hacked. Most likely that’s the case, that is how these people operate. If you want to check out the empty apache listing, be my guest: http://www.marcolano.com/login/.

Note: Though the link in the screenshot appears to be a link to a MySpace profile (which doesn’t actually exist), it’s HTML and actually links to the aforementioned website. The funny part was whoever was smart enough to be able to post a bulletin on the most popular MySpace profile was not smart enough to actually make it look legit, KTHX!