MySpace

Date:06.01.2006

Threat Type: Phishing Alert

Websense® Security Labs™ has discovered a phishing attack that attempts to steal the account information of MySpace.com users. A hyperlink is first delivered to victims via AOL Instant Messenger. Users who follow this link are taken to a fraudulent website that spoofs the MySpace.com login page. This page captures their MySpace account information and then forwards the user to the actual MySpace.com website.

The fraudulent site also sets a cookie on the victim's computer, which prevents the phishing attack from being displayed on any subsequent visits.

The phishing site is located in California and was up at the time of this alert.

Sample screenshot: