MySpace Scams

Con-men have developed a phishing attack targeting MySpace music fans that highlights the evolving use of social engineering techniques in money-making spam emails.

Junk emails featuring the attack have been spammed out to thousands of computer users around the globe in the last week, to trick them into visiting one of a series of bogus websites that pose as an online music store. The emails typically pose as MySpace contact emails, increasing the chances that prospective marks will be duped by the messages.

The message in the email informs recipients, “You’ve got a new song from on MySpace!”, and invites them to click on a link that directs them to a site claiming to sell MP3 music.

The sites, one example of which only had its domain name registered on 5 October and claims to be based in Lappeenranta in Finland, have no affiliation with MySpace, UK-based security firm Sophos reports.

The goal of the attack is to trick prospective marks into handing over their names and credit card information to fraudsters. In a bid to make the bogus email appear more legitimate, con-men have included fake MySpace boilerplate text in their messages.

MySpace boasts an estimated 43m users, far more than any online bank, so even though their spam emails are being distributed indiscriminatingly they are far more likely to reach users of the targeted service, as net security appliance firm Fortinet notes (http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-28.html).

Fortinet has recorded more than 50,000 of these spam emails over the past nine days. The attack, which originally targeted surfers in Japan, has spread worldwide and uses a variety of bogus websites. Users foolish enough to attempt to purchase music albums from these sites (offered at $2 or less) will find that their purchases don’t do through. The sites are designed purely to harvest credit card details for subsequent fraudulent use.

Original Article

Subject: Bling Bling!!

Body: I have good news. I tried out this website and it is definantly worth your time. You get 15 free ringtones! That’s right, FREE!!! Give it a try, I don’t know how long they will be offering this.GET THEM NOW!

Appears that the link goes to a fake profile that redirects you to a an image hosted at http://stupidtoad.com/free/

Here is the spammers information provided by godaddy.com

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: STUPIDTOAD.COM
Created on: 08-Apr-06
Expires on: 09-Apr-07
Last Updated on: 13-Aug-06

Administrative Contact:
Jenson, Allen a_jenson@hotmail.com
3679 Sand Creek Rd
Farmington, Missouri 63640
United States
(573) 747-9498

If you find your friends posting this, tell them to change their password on their profile. It was most likely hijacked. These posts may also be hosted at other sites. If you see one, let us know and we will get the word out.

Q What is the right age for my children to have their own MySpace profiles? How would you recommend monitoring their Web pages?

A MySpace has more than 40 million members and gets about 15 percent of all the Internet hits in the country, so caution is advised. Officially a child has to be 14 to have a private MySpace page - meaning they have to invite ‘‘friends” to join their site. This does offer some control over who has access to your children’s profiles.

How mature are your children and do you have a good honest relationship with them? It is important to explain the dangers of putting information on the Internet for the world to see; there are many predators out there. Be sure your children are cautious when setting up a MySpace profile: They will be asked for all sorts of personal information that could be used for other purposes. How about just using a first name or nickname?

    Have your computer in a common area where you can monitor what is being exchanged on the Web site. Give constant reminders that your children’s online friends may not be who they seem. You can be invited onto your children’s sites and periodically ask your children to see their profiles. Of course, your children may set up multiple profiles under different names, so you may not be able to see everything they are doing online.

    Have you actually been to MySpace.com yet? Although people argue that this is a good vehicle for keeping in touch with peers, I am appalled at some of the stuff I’ve seen there. Why not set up your own profile so you can see firsthand what is going on and discuss your concerns and rules with your children.