MySpace Users Getting Hacked by ‘Phishing’ Technique

 It’s called phishing. Someone puts up a page that looks like a log-in page (in this case for MySpace). Chances are the victim somehow clicked on a link that brought their browser to a fake MySpace log-in page. An unsuspecting user might have walked away from their computer and forgotten that they never logged out, so it doesn’t seems suspicious that a MySpace log-in page is on their computer screen. But when they log in to the fake log-in screen, they are simply giving their user name and password to the ‘phisher.’ The ‘phisher’ then uses scripts to log in to the victim’s MySpace or manually logs in and uses the victims profile to put ads on the profile or send out fake bulletins that could earn the ‘phisher’ affiliate points and money from affiliates. The ‘phisher’ can’t change the victim’s password or lock them out of their own account, because MySpace requires a confirmation from the victims e-mail address. It can may the vicitim look as though they are spamming their friends with frequent ads, sometimes to porn sites or just plain ridiculous offers.

The best security precaution to prevent ‘phishing’ is to always make sure the URL address at the top of the web browser is a myspace.com address. ‘MySpace Tom’  (myspace.com fonder) has more details on his blog at his profile (Tom’s Profile | Tom’s Blog Entry on Phishing).

The following is an excerpt from Tom’s blog entry on

bulletins that you didn’t post?
Current mood: annoyed
Category: MySpace

are you finding bulletins in your list that you didn’t post? maybe comments sent to your friends that you didn’t post?

you can stop this by changing your password! a spammer has access to your account. they’re using it to market their junk to your friends via YOUR bulletins and YOUR comments. fight back by changing your password!!

now how did they get your password? it’s called phishing. somewhere on myspace you clicked on a link, profile, page – something, and you saw the myspace login page. but wait – it wasn’t really the myspace login page. it was a FAKE LOGIN PAGE.  that fake page was created by a spammer who is waiting for you to enter your email and password. once you’ve done that, he’s stores your info. then he runs scripts to send bulletin spam and comment spam on myspace.

so don’t fall for the trap – check the address bar at the top of the page and make sure you never login unless you’re on “myspace.com”. to be totally safe, type ‘myspace.com’ everytime you see the login page. if you type in myspace.com, you’ll know you’re on the right login page.

p.s. if you see a friend posting junk on their bulletins, send them a link to my blog so they know what’s up !

look at these screen shots for examples. in these two cases, the spammer used a myspace profile (so the link still says myspace), but its not the login.myspace page – its a profile page with code in it made to look like a login page.

example 1
example 2
example 3  

you may be looking at these and thinking how can i ever tell the differnece btween the real login.myspace.com page and one of these fakes? its a subtle difference! answer: NEVER login on this page. if you are logged out of myspace, just type www.myspace.com yourself, and then you’ll know the login page is real!!