MySpace Scams

Security watchers have discovered a phishing attack targeting users of MySpace, the social networking website. The attack comes in the form of a hyperlink sent to potential marks in an AOL instant messaging message.

Users who follow the link are taken to a bogus website that spoofs the MySpace.com login page. The ruse is designed to fool users into handing over account information to crooks. Surfers duped into handing over this information are subsequently forwarded to the real MySpace.com website.

According to net security firm WebSense, the fraudulent site also sets a “cookie on the victim’s computer, which prevents the phishing attack from being displayed on any subsequent visits”.

The MySpace phishing email is another example of how email fraudsters are widening their sights beyond traditional targets, such as eBay and high street banks, alongside moves to develop more sophisticated scams.

Question: My children have set up MySpace profiles, even though they were not supposed to. They insist that only their friends have access to their profiles, but how can a parent be sure? How do I know?

I just entered my daughter’s e-mail address and went straight to her page, although I could not go any further because I had to be a member to log in. Even at that, I was surprised at the info that was available.

They think they are so smart about how they manage their profiles. What can we do?- Nancy Heslin, via e-mail
A: Overnight, MySpace replaced the convenience store parking lot or mall fountain as a gathering place for children starting in junior high school or earlier.

As you indicate, each young user gets a home page containing a personal photo and a self-composed profile, as well as a message board to exchange info with friends and a blog spot to post thoughts with friends and others.

Put your foot down and demand that your children give you the same access that they give to their friends and other MySpace members. Then add that MySpace page to the Favorites in your own browser and make a daily practice of checking things out.

Better yet, take a couple of minutes and set up your own MySpace account so you can watch your children’s MySpace space as a logged-in user. Signup is quick and simple.

If you just go to http://www.myspace.com/ and browse the postings, you will find a range of age groups where children registered as being ages 14 and 15 are communicating with 30- and 35-year-old men and women and where few holds seem to be barred. MySpace operators post warnings that children must be 14 and must not lie about their age, but there is nothing to stop a much younger child from joining.

When a person signs up for a MySpace account, many privacy and security options can be set to minimize the downside on this Internet phenomenon that brings huge upside socializing for its audience.

For example, you can discourage unknown people from getting through to your child by requiring that a valid e-mail address be provided before that person can be added to the Friends list that is the heart and soul of this Web service designed to foster socializing.

Likewise, you can set the account to hide your children from being listed to all comers when they go online; you can stop others from passing along e-mail links to download your child’s photo and restrict blog posts to only people you know. You can even block the feature where music from a favorite band gets played when your child visits somebody else’s area on MySpace, which will guard against sexually and racially offensive lyrics.

As a parent, you even can order your children’s accounts closed by going to http://www.myspace.com/ and clicking on the Safety item at the bottom of the page.

You also can find links in a special parents’ area that point to software that can be installed on a computer to let you monitor every keystroke the children make and to otherwise watch and censor their access.

Many kids have turned to the Internet for a place to hang-out and MySpace has become the predominate setting for mingling and chatting.  Everyone has different uses for the Internet and kids are especially vulnerable.  There are some things you can do to make it a little safer.

First, if you are a parent, I recommend signing-up and creating a new account for yourself.  It only takes a couple minutes to do this.  You will need to provide an email address and a little information about yourself.  You can browse and see what your kids are doing this way. Remember to add their profile to your favorites so you can keep an eye on them. 

Viewing other people’s profiles could be a real eye opener.  Start viewing the profiles and blogs of other users.  This may even prompt you to limit your kids access to the Internet and possibly encourage you to buy some child safety or monitoring software.

Even though MySpace posts a warning indicating that you must be 14 years of age and to not lie about your age, this does not prevent predators from talking to your children.  You can prevent unknown people from getting through to your child by requiring that a valid e-mail address be provided before that person can be added to the Friends List.

Also you can hide your children from being listed for all to see.  You can stop others from passing along e-mail links to download your child’s photo and restrict blog posts to only people you know.

Many users’ profiles will play music when you enter.  You can block the music so that your child will not be exposed to sexually and racially offensive lyrics. There is also the option of closing your child’s MySpace account. Here are some frequently asked questions and this is the page for safety tips.

There is also software you can buy to help keep your kids safe.  CyberSitter makes a program to help and 4SafeInternet provides a service that is billed monthly.  For a minimal fee, 4safe says they can block pornography and other offensive material.

NAPERVILLE — Investigators said a second accuser has come forward in the case of a Naperville man who allegedly used a popular Web site to contact teenage girls for sex, police said Friday.

John R. Wentworth, 27, was arrested May 9 near the Riverwalk in downtown Naperville where he allegedly had gone to meet whom he thought would be a 14-year-old girl.

A DuPage County Grand Jury indicted Wentworth on a felony charge of indecent solicitation of a child and distribution of harmful materials. Wentworth also was charged with attempted aggravated criminal sexual abuse and aggravated criminal sexual abuse.

Naperville police said the sex abuse charges are from contact Wentworth had with a 15-year-old Naperville girl. He had a Web page on MySpace.com where he posted sexually explicit photos of himself, police said.

The Naperville Police Internet Crimes Unit continues to investigate and wants to speak to anyone who had contact with Wentworth. His screen name was “Johnwinter78″ on MySpace.com and AOL instant messenger.

The telephone number for the unit is 630-305-5384

A “phishing” site that harvested the log-in and credentials of MySpace.com users was removed as of Friday from a California server, a security vendor reported.

A phishing attack involves tricking users into visiting a look-a-like webpage that asks for personal information, which is then sent to a hacker.

The rich trove of personal information stored on MySpace user pages is making the social networking site an increasingly attractive target for identity theft, said Ross Paul, a senior product manager at Websense, which makes security software.

The attack would not have been noticed by most users, Paul said. The attack starts when a user is sent a link through AOL’s instant-messaging program or a similar one.

The link is from someone in the user’s contact lists, asking the user to click the link to MySpace to view photos, Paul said. The link leads to a fraudulent MySpace log-in page. Once the victim enters the information, he or she is then transparently logged into the real MySpace pages, Paul said.

But a hacker then has access to personal information stored by MySpace, such as someone’s address and birthday, which could be used to open a bank account, Paul said.

A hacker can also tap other instant-messaging contacts or e-mail addresses to send out the link to the phishing site, which often is done using automated programs.

“The rising popularity of this kind of meeting place is obviously increasing the potential for financial gain,” Paul said. “The more information you give MySpace, the more at risk you would be if someone managed to get a hold of your log-in information.”

MySpace, started in 2004 and bought by News Corp. last year, counts at least 73 million users and is growing. MySpace’s “viral” networking model allows friends of friends to easily connect, but sexual predators have also used its features to meet underage victims.

As a result, MySpace appointed a chief security officer in April and implemented careful page monitoring.

MySpace might own your cyberspace at the moment, but a number of new social-networking sites are popping up, each going after the phenomenon’s sore spot: security.

In just two years, MySpace has become the most popular social-networking site on the Internet, with nearly 70 million members worldwide. But the site has recently been slapped with criticism following reports of pages created under false identities and illegal activity linked with personal pages (see “Twenty Students Busted In Latest Round Of MySpace-Related Busts” and “Cops Investigating Fake MySpace Page That Defamed Minnesota Teacher”).

Like many social-networking sites, MySpace doesn’t verify profiles and nearly all personal information posted on its pages can be read by anyone who has Internet access and becomes a member, a process that costs nothing and takes a matter of minutes (non-members can view some parts of pages and blogs, as well). Although the site has recently taken actions to tighten security — most recently hiring expert Hemanshu Nigam and launching a series of public service announcements on TV and the Web aimed at keeping kids away from Internet predators — some parents and Web users still have reservations about the site’s overall safety.

Now a pair of alternative sites, FAQQLY and Imbee.com, are launching partly in response to the call for a more secure social-networking experience. Most of their efforts are geared toward preventing users from meeting unwanted or dangerous new friends, encountering objectionable content and posting irresponsible or illegal photographs and information.

FAQQLY, which launched April 16, provides members with the option of keeping all personal pages viewable only by confirmed friends. The site’s core feature is a “Personal FAQ” page where friends can get to know each other better through Q&A. Other elements that aim to strengthen existing groups of friends include a “Share” page where friends can agree to borrow and lend items from each other, and a “Helps” page where a member can post a problem and friends can offer solutions.

The site’s creator, Dave Liu, says he created FAQQLY partially in response to highly publicized reports of the dangers of online social networking.

“I stopped using [MySpace] because I really don’t believe that it’s a safe place to be,” Liu said. “Our features are positioned to help existing friends grow closer together. We want to be a place where you can feel safe and interact with your friends without feeling like someone’s trying to stalk you.”

The founder of Imbee.com, Jeanette Symons, also believes the perils of online networking are real, but contends that such dangers are mainly due to users revealing too much information about themselves. Her site, which will debut in June and be geared toward 8- to 14-year-old kids, will allow parents to monitor their children’s blogs and remove any posts they deem potentially harmful. Daily or weekly snapshots of blog entries will be sent to parents, who also will be able to approve friends. The site will require credit card information to verify its users’ identities, even though its services will be free.

“A lot of the controversy is well-founded and a lot of the controversy is paranoia,” Symons said. “Should parents be concerned? Yes, but not just because they’re afraid of predators.”

Joshua Holmes, the founder of Christian social-networking site MyPraize, agrees, and argues that the extensive media coverage of incidents involving social-networking sites has brought undue attention to a relatively small problem.

“It’s still much safer to be in a community of 65 million members on a social-networking site than it will ever be to be in the middle of Manhattan,” he said.

MyPraize’s safety features begin with optional profile fields, so users can exercise their own judgment as far as how much personal information they reveal. First and last names are not even required, and an additional section is in the works that will advise parents on which safety precautions are available on the site.

While these newer sites are focusing on amping up security, older sites have significant safeguards as well. Google’s Orkut is invite-only, meaning individuals may only join if invited by existing members who can vouch for them. At LiveJournal, users can choose from several levels of privacy for each journal entry and photo they post: public, private, friends or even custom, which allows members to create their own privacy setting with any group of users. Profiles on Friendzy are only available to friends, and Yahoo! 360° allows users to choose who can view their personal blog and which members can send them personal messages.

Of course, the key to staying safe while exploring social-networking sites ultimately lies in the hands of the user. “What we always tell our users is you need to exercise individual judgment,” Kevin Krim, LiveJournal’s general manager, said. “If you wouldn’t do something to someone on the sidewalk, then you shouldn’t do the same thing online. It’s just common sense, but it’s easy to forget that.”

 Use caution when viewing spam websites, could hold viruses, adware and spyware.

http://apply.blinko.com/chat/?affil=14918-val

 Use caution when viewing spam websites, could hold viruses, adware and spyware.

Can anyone find out who the affiliate is with that number ?