Thursday, September 14, 2006

MySpace Phishing Scam

Hi Reddit dudes plz help me get my pw back! :)

Tonight when viewing a MySpace profile I noticed I got redirected and MySpace asked me to login.

No problem.

Except for when Firefox asked me if I wanted to save my username and password. Do what ? Firefox already has this saved for the MySpace.com domain...hrmm something didn't smell right.

A quick glance at the address bar confirmed my guess - it was a web site involved in a MySpace username and password phishing scam.





The page looks exactly like the MySpace login screen. I took the liberty of trying to sign in under the fake username "hey moron" with an equally entertaining password. Amazingly enough the page pretends to log you in then redirects you to your actual MySpace homepage.

This is able to work because you were never actually signed out of MySpace - they merely pretended you were. Then when you give them any username and password they send you back to your MySpace page because after all - you're already logged in.

Moral of the story - always make sure you're logging into myspace.com/ and not myspace.com.duh.net/

Technorati Tags
[ MySpace Phishing ]
[ MySpace Hacking ]

No comments:

//]]>