Houston Community News >> Phishers Penetrate MySpace

7/31/2006 -- Rob Newland is a pro at dodging spam e-mails and suspicious pop-up windows as he surfs the Web. But he lets his guard down when he is checking friends' profiles and clicking through blog posts on the social networking Web site MySpace.

"I'm there to meet new people, so I follow random messages and links," the 24-year-old D.C. bartender said. "It seems harmless."

Internet thieves are banking that the millions of users who log on to social networking sites, such as MySpace, Facebook and Friendster, are just as trusting, leaving them vulnerable to financial fraud and identity theft. As viewership skyrockets, growing by 50 percent in the past year according to Nielsen/NetRatings, such sites are becoming frequent places for scams. The combination of young users and a culture that encourages sharing personal details presents opportunities for increasingly sophisticated methods to lure information.

Last month, the FBI warned MySpace users of a phony bulletin post urging people to click on a link to "check out old school pictures." A virus seeking financial information recently invaded Orkut, Google's social networking site. Early last month, unsolicited instant messages attempted to lure MySpace users into divulging account information, and about a dozen other sites that spoof the MySpace log-in page have been discovered.

Because people reveal so many intimate details on the sites, scammers "can look at those profiles and use that information to better hone their attack," said Ron Teixeira, executive director of the National Cyber Security Alliance.

Such come-ons are called "spear phishing," Teixeira said. Newland became a victim of one of those attacks after a spear phisher posted a phony link on a MySpace bulletin, which directed all of his 89 friends to a fake site, MySpase.com, asking for their user names and passwords.

"We all fell for it," he said. "I was lucky enough to catch it."

Phishing attacks have traditionally taken the form of spam e-mails that appear to come from legitimate sites such as eBay, PayPal or banks, often duping consumers into giving up account numbers or passwords.

"There's an implied state of trust on social networking sites. You are generally talking to people you know or want to know, so you are more vulnerable," said Alfred Huger, senior director of engineering for Symantec Security Response. Phishers started targeting instant messenger users about two years ago, he said, but meeting sites are "the new frontier for ripping people off."

(Contributed by Kim Hart)