MySpace has become a target for identity thieves. Not that this is surprising, but there is an added twist that takes it beyond what I’ve seen done on sites like PayPal or eBay.
For example, who hasn’t received an email claiming to be from PayPal or eBay telling you that your account has been exploited, that you need to update your account information, or that you have won an auction that you hadn’t bid on? They’re VERY common, and all done with the same purpose: to get you to click on a link to a fake PayPal or eBay site where you’ll enter your login information. This can then be used to drain your accounts, run fraudulent auctions, and carry out other malicious activity.
Similar behavior is happening using MySpace, which makes sense since there are millions of registered members who could be tricked into turning over their login information – information that’s surely usable on other sites like PayPal or eBay.
But here’s the twist: this is being done from within MySpace.
Here’s an example email I received in my MySpace inbox from a MySpace friend of mine. It wasn’t a typical MySpace webcam girl spam request. This looked like a legitimate email from an actual friend of mine:
I’m sure a LOT of people would open an email like that when it’s sent to them from a friend. Here’s what the link took me to:
Whoops. Looks like I got logged out when I tried to visit the page my friend suggested I check out. That’s certainly not uncommon on MySpace.
But wait, what’s up with that URL:
As ugly as most MySpace URLs are, they’re not THAT ugly. A .cn domain? Why am I suddenly in China visiting a sub-sub-sub-sub-sub-sub-domain of 378d38.cn?
That’s an impressively good spoof site. Reading the domain from left to right would be enough to reassure many MySpace members.
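The check that a left-to-right read skips, as an added example that is not part of the original post: match the hostname from the right against the domain you expect, and flag hosts that merely contain the trusted name. The sample URLs are constructed for illustration (only 378d38.cn comes from this post), and `classify_link` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

TRUSTED = "myspace.com"  # the domain the reader believes they are visiting


def host_of(url):
    """Hostname only: lowercased, without userinfo, port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'other' for an absolute URL.

    trusted   - host is the trusted domain or a real subdomain of it
    lookalike - the trusted name shows up in the authority part, but the
                host actually belongs to some other domain
    other     - unrelated host
    """
    host = host_of(url)
    # Ownership is decided by the RIGHT-hand end of the hostname.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    authority = urlsplit(url).netloc.lower()
    brand = trusted.split(".")[0]
    # Trusted name used as decoration: subdomain labels, userinfo, prefix.
    if trusted in authority or brand in host.split("."):
        return "lookalike"
    return "other"


# Constructed sample links (not copied from the phishing email).
SAMPLES = [
    "http://www.myspace.com/index.cfm?fuseaction=login",
    "http://login.myspace.com.index.cfm.fuseaction.login.378d38.cn/",
    "http://myspace.com@378d38.cn/",
    "http://notmyspace.com/",
    "http://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):9}  {host_of(url)}")
```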
Does anyone actually fall for this?
Take a look at the spike in traffic to the identity theft site over the past month:
That’s a LOT of traffic. Even a minuscule conversion rate would generate a ton of MySpace members’ login information.
How many MySpace members have to click on links to 378d38.cn before MySpace gets around to blocking emails mentioning that domain?