Computer Crime Research Center


New IM-based attacks

Date: June 07, 2006
By: Dan Kaplan

Security teams have discovered a new instant messenger (IM)-based phishing attack aimed at stealing the account information of users of the popular social networking site MySpace.

The scam begins when AOL Instant Messenger users receive a hyperlink promising new photos from someone in their contact list. But clinking the link leads the victim to a bogus California-based website that spoofs the log-in page, according to a Websense Security Labs alert. The fraudulent site captures MySpace usernames and passwords, and then forwards users to the real site.

The malicious attacker can then access the victim’s personal information, such as address and birthdates, stored on their MySpace account. The scam has since been shut down, Websense officials said in published reports.

Accessing the fake site also automatically installs a cookie on the victim’s computer, preventing the phishing attack from being displayed on future MySpace visits, the Websense alert said.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo