[Infowarrior] - MySpace Overcome By Severe Phishing 'Epidemic'

Richard Forno rforno at infowarrior.org
Sat Nov 10 00:50:43 UTC 2007


MySpace Overcome By Severe Phishing 'Epidemic'

http://wcbstv.com/technology/macys.myspace.phishing.2.564526.html

By STEVE FINK, WCBSTV.COM

NEW YORK (CBS) ― Social networking giant MySpace stumbled to its knees at
the hands of a cyber superbug recently, falling ill to a severe phishing
epidemic that is plaguing a vast and vulnerable segment of its membership.

The viral scam, which targets the site's younger users, promises victims a
free $500 Macy's gift card.

It sounds like a steal. And actually, it is. It's the stealing of a member's
identity.

The spam scam involves users unknowingly sending their MySpace friends
e-mails and posting comments on their profiles that plug a ploy for the
supposedly free gift card that they'll never actually see, touch, or spend.

In fact, to lead the younger members on, the ads are written in
"kids-speak." One such posting starts off by telling the victim, "Hey dude,
check it out! You ain't gunna believe this!"

Another one reads: "i'm just hittin you up, as a friend, to fill you in on
this exclusive deal to get a FREE $500 Macy's Gift Card, yes, FREE! just
answer a question or two and BOOM you got a shopping spree lol!"

Members fall into the phishing net by clicking on a provided link in the
posting, which in some cases comes in the form of what looks like a video
featuring a scantily-clad young woman. After clicking on the link, the
member is taken to a faux MySpace login page where the user is asked to
re-enter his or her username and password. That information, however, is
actually being sent to the "phisher," a third party illegally acquiring the
member's personal information.

The pain and suffering begins immediately and will continue until either the
phisher is caught or the member changes his or her password, mainly because
victims simply have no clue they're sending the e-mails until someone
finally tells them.

"It is an epidemic on MySpace," PC Magazine Executive Editor Jeremy Kaplan
tells wcbstv.com. "It is a big problem particularly because of the
pervasiveness of MySpace. If you're in junior high, high school, college --
half the world seems to have MySpace pages -- so the younger you are, the
more frequently you use it and the more likely you are to encounter this
thing. It is a huge problem."

Kaplan says members are sending the spam without their knowledge because
once their information is obtained, the phisher uses a robotic program to
log onto the victim's account and then disseminate the ad to every single
person on that member's "friends" list.

It has spread so fast and so thoroughly that the site has become, for many,
an absolute nightmare to be a part of.

There's no way to tell for sure just how many users have been victimized,
but the number is likely to be well into the thousands by now. Just browsing
through various members' profiles, it doesn't take long to happen upon one
that advertises the gift card scam.

"I was pretty upset, basically because I don't want people to think I would
treat them that way," says Brad Engler, a 28-year-old musician from
Baltimore whose account was infiltrated by the phisher. "I hoped that
everyone would realize it wasn't me trying to get them to shop at Macy's."

In fact, Engler's friends are so tired of receiving his e-mails, which he
says have continued for about two weeks, that his profile is highlighted by
a barrage of comments from them scolding him for the spam. Placed atop his
profile now is a banner that reads: "NO - I DIDN'T MEAN TO SPAM YOU."

PC Magazine's Kaplan says he doesn't think MySpace has done much to help
solve the problem.

"It's gonna be interesting to see how MySpace reacts to the issue. They were
very slow to deal with the MySpace predator problem -- it took a couple of
weeks, months to address that -- and so with this crisis, maybe they'll move
a little bit quicker," he says.

And move quickly the site claims it has. A MySpace official asserted to
wcbstv.com that it has already corrected the problem.

"Individuals who try to spam or phish our members are violating the law and
are not welcome on MySpace," Chief Security Officer Hemanshu Nigam said in a
statement. "We have identified and stopped the primary source of the Macy's
Gift Card spam and are making every effort to identify and block the future
spreading of this spam."

Nigam would not reveal details of the source's identity nor what, if any,
charges have been filed, citing the fact there is an ongoing investigation.

Oddly enough, though, it seems that Macy's, which has joined MySpace to
fight the phishing scam, is not aware the primary source has been stopped.
In a statement to wcbstv.com, a spokesperson for the company made no mention
of anyone being caught.

"We are extremely concerned that individuals are being targeted in our name,
and when we learn that another person or company is using our brand without
consent, we work hard to stop it. However, this can take time, and it also
can be difficult to do. Consequently we are advising consumers to protect
themselves," the official said.

So how can you protect yourself from the phishing scam? First and foremost,
if you think you're a victim, you should change your password immediately.
But MySpace offers this advice to prevent phishing scams as well:

    * Install the latest operating system and auto-install for critical
      updates.

    * Use a firewall.

    * Use anti-virus and anti-spyware software and keep them updated.


Macy's has also posted a consumer alert on its Web site.

And of course, there's simple common sense. If the deal looks too good to be
true, experts say, don't believe the hype. It probably is.

(© MMVII, CBS Broadcasting Inc. All Rights Reserved.)



