Security watchers have discovered a phishing attack targeting users of MySpace, the social networking website. The attack comes in the form of a hyperlink sent to potential marks in an AOL instant messaging message.

Users who follow the link are taken to a bogus website that spoofs the MySpace.com login page. The ruse is designed to fool users into handing over account information to crooks. Surfers duped into handing over this information are subsequently forwarded to the real MySpace.com website.

According to net security firm WebSense, the fraudulent site also sets a “cookie on the victim’s computer, which prevents the phishing attack from being displayed on any subsequent visits”.

The MySpace phishing email is another example of how email fraudsters are widening their sights beyond traditional targets, such as eBay and high street banks, alongside moves to develop more sophisticated scams.

A “phishing” site that harvested the log-in and credentials of MySpace.com users was removed as of Friday from a California server, a security vendor reported.

A phishing attack involves tricking users into visiting a look-a-like webpage that asks for personal information, which is then sent to a hacker.

The rich trove of personal information stored on MySpace user pages is making the social networking site an increasingly attractive target for identity theft, said Ross Paul, a senior product manager at Websense, which makes security software.

The attack would not have been noticed by most users, Paul said. The attack starts when a user is sent a link through AOL’s instant-messaging program or a similar one.

The link is from someone in the user’s contact lists, asking the user to click the link to MySpace to view photos, Paul said. The link leads to a fraudulent MySpace log-in page. Once the victim enters the information, he or she is then transparently logged into the real MySpace pages, Paul said.

But a hacker then has access to personal information stored by MySpace, such as someone’s address and birthday, which could be used to open a bank account, Paul said.

A hacker can also tap other instant-messaging contacts or e-mail addresses to send out the link to the phishing site, which often is done using automated programs.

“The rising popularity of this kind of meeting place is obviously increasing the potential for financial gain,” Paul said. “The more information you give MySpace, the more at risk you would be if someone managed to get a hold of your log-in information.”

MySpace, started in 2004 and bought by News Corp. last year, counts at least 73 million users and is growing. MySpace’s “viral” networking model allows friends of friends to easily connect, but sexual predators have also used its features to meet underage victims.

As a result, MySpace appointed a chief security officer in April and implemented careful page monitoring.

MySpace might own your cyberspace at the moment, but a number of new social-networking sites are popping up, each going after the phenomenon’s sore spot: security.

In just two years, MySpace has become the most popular social-networking site on the Internet, with nearly 70 million members worldwide. But the site has recently been slapped with criticism following reports of pages created under false identities and illegal activity linked with personal pages (see “Twenty Students Busted In Latest Round Of MySpace-Related Busts” and “Cops Investigating Fake MySpace Page That Defamed Minnesota Teacher”).

Like many social-networking sites, MySpace doesn’t verify profiles and nearly all personal information posted on its pages can be read by anyone who has Internet access and becomes a member, a process that costs nothing and takes a matter of minutes (non-members can view some parts of pages and blogs, as well). Although the site has recently taken actions to tighten security — most recently hiring expert Hemanshu Nigam and launching a series of public service announcements on TV and the Web aimed at keeping kids away from Internet predators — some parents and Web users still have reservations about the site’s overall safety.

Now a pair of alternative sites, FAQQLY and Imbee.com, are launching partly in response to the call for a more secure social-networking experience. Most of their efforts are geared toward preventing users from meeting unwanted or dangerous new friends, encountering objectionable content and posting irresponsible or illegal photographs and information.

FAQQLY, which launched April 16, provides members with the option of keeping all personal pages viewable only by confirmed friends. The site’s core feature is a “Personal FAQ” page where friends can get to know each other better through Q&A. Other elements that aim to strengthen existing groups of friends include a “Share” page where friends can agree to borrow and lend items from each other, and a “Helps” page where a member can post a problem and friends can offer solutions.

The site’s creator, Dave Liu, says he created FAQQLY partially in response to highly publicized reports of the dangers of online social networking.

“I stopped using [MySpace] because I really don’t believe that it’s a safe place to be,” Liu said. “Our features are positioned to help existing friends grow closer together. We want to be a place where you can feel safe and interact with your friends without feeling like someone’s trying to stalk you.”

The founder of Imbee.com, Jeanette Symons, also believes the perils of online networking are real, but contends that such dangers are mainly due to users revealing too much information about themselves. Her site, which will debut in June and be geared toward 8- to 14-year-old kids, will allow parents to monitor their children’s blogs and remove any posts they deem potentially harmful. Daily or weekly snapshots of blog entries will be sent to parents, who also will be able to approve friends. The site will require credit card information to verify its users’ identities, even though its services will be free.

“A lot of the controversy is well-founded and a lot of the controversy is paranoia,” Symons said. “Should parents be concerned? Yes, but not just because they’re afraid of predators.”

Joshua Holmes, the founder of Christian social-networking site MyPraize, agrees, and argues that the extensive media coverage of incidents involving social-networking sites has brought undue attention to a relatively small problem.

“It’s still much safer to be in a community of 65 million members on a social-networking site than it will ever be to be in the middle of Manhattan,” he said.

MyPraize’s safety features begin with optional profile fields, so users can exercise their own judgment as far as how much personal information they reveal. First and last names are not even required, and an additional section is in the works that will advise parents on which safety precautions are available on the site.

While these newer sites are focusing on amping up security, older sites have significant safeguards as well. Google’s Orkut is invite-only, meaning individuals may only join if invited by existing members who can vouch for them. At LiveJournal, users can choose from several levels of privacy for each journal entry and photo they post: public, private, friends or even custom, which allows members to create their own privacy setting with any group of users. Profiles on Friendzy are only available to friends, and Yahoo! 360° allows users to choose who can view their personal blog and which members can send them personal messages.

Of course, the key to staying safe while exploring social-networking sites ultimately lies in the hands of the user. “What we always tell our users is you need to exercise individual judgment,” Kevin Krim, LiveJournal’s general manager, said. “If you wouldn’t do something to someone on the sidewalk, then you shouldn’t do the same thing online. It’s just common sense, but it’s easy to forget that.”

By Cassondra Kirby

A board made up of city police and law officials met behind closed doors today to discuss the cases of six officers who have been administratively charged for content and postings they made on the popular Web site MySpace.com.

The six officers — Gene Haynes, Joshua Cromer, Aaron Noel, Richard Sisk, Adam O’Quinn and Paul Stewart — were present for the meeting along with their supervisors, said Maj. Mike Bosse, commander of internal affairs and chairman of the disciplinary board. The meeting lasted more than four hours.

Bosse said the board made discipline recommendations in each of the officers’ cases. Although he could not release the specifics of the recommendations, Bosse said punishment can include anything from a written reprimand to termination.

The board will forward its recommendations to Police Chief Anthany Beatty, who can accept or adjust them. Beatty will then present his discipline to each officer, probably within the next couple of weeks.

The officer can accept Beatty’s decision or reject it. Rejecting the decision would send the case to the Urban County Council for a hearing. If the council finds the officer’s conduct improper, members would decide on the punishment.

“The board carefully considered all the aspects of each individual case and made recommendations based on evidence and the officer’s response to the questions,” Bosse said. “I think the board was professionally conducted with the interest of the public as well as the rights of the officers in mind.”

The six officers could not be reached for comment or did not return phone calls today.

The police department began investigating the MySpace.com Web sites on March 20, when another police officer informed a supervisor about the sites. That officer was “very disturbed” by some of the content on the Web pages, Beatty said.

On the Web pages, officers discussed their jobs, commented on arrests they had made and used derogatory language about gays and the mentally disabled. Officers said they worked for the “snobby people of Lexington” or the “Lexington Fayette Urban Communist Gov. PD.” Many of the pages featured Lexington police badges or photos of officers in uniform.

Lexington Mayor Teresa Isaac could not be reached for comment today.

On March 29, Haynes and Cromer were relieved of sworn duties with pay, meaning they may not make arrests until the disciplinary process is completed. They continue to work for the police department but turned in their badges, police cars and weapons. The other four continue to work as arresting officers as disciplinary proceedings continue.

The six were administratively charged with violations including interfering with a criminal case, acting in a way that does not reflect favorably on the division, and breaking guidelines that officers are required to follow when making public statements.

Police officials did not elaborate on why Cromer and Haynes were relieved of their sworn duties, but Cromer’s Web site was particularly controversial because of content relating to Cromer’s arrest of country music star John Michael Montgomery.

Montgomery was charged with driving under the influence of alcohol in February. On Cromer’s site, officers discussed the case and congratulated Cromer on such a high-profile arrest. His site also included an altered photograph — posted by Haynes — of Montgomery and a fan, in which Cromer’s face had been placed on the body of the fan.

Cromer’s page, along with many of the other officers’ pages, has since been deactivated.

Reach Cassondra Kirby at (859) 231-3266 or 1-800-950-6397, Ext. 3266, or ckirby@herald-leader.com.

Two Broadview Heights men are accused of raping young girls they met on the web site MySpace. Channel 3 News first told you about 21-year-old Albert Azolino back in March.

He is accused of sexually assaulting a 14-year-old Strongsville student lured to his home through internet chat.

Cuyahoga County Prosecutor Bill Mason says Azolino and 33-year-old friend Timothy Norman face rape, unlawful sexual contact with minors, and pandering charges.

The prosecutor warns parents to be leery of the kids spending time on this web site.

“It’s like a catalogue for predators,” Mason said. “It’s got the pictures of the kids so anybody who wants to get online — they go on to myspace.com, look at the pictures and click on it. Up comes the profile of the person they just click on.”

Mason says the suspects would offer alcohol to the kids then photograph them during sex acts.

If convicted the two could face life in prison.