MySpace Phishing Scam Exploits User Passwords

When you deal with the internet, there will always be people up to no good. More and more people are logging on to www.myspace.com, including thieves. Users are being tricked into giving up their passwords, leaving them open to all sorts of problems.

Punch in your password on any website, you assume it's secure. MySpace users are finding out it may not be so secure after all.

"You have to be careful," computer expert Rusty Batey told WTOC. "You just have to watch."

Rusty knows all too well. The I-Tech for Business employee is also the father of a teenage daughter who uses MySpace.

"It's a bit troubling," he said.

MySpace.com is no stranger to hackers. Rusty says "phishing," a common kind of online fraud, happens all the time. Crooks create a fake link trying to hook unsuspecting victims.

"Something will pop up saying you have been logged out and need to log back in. When you log back in, you are going to another domain, when you think you are at MySpace.com," Rusty explained. "That person takes your info and goes back, logs in and he or she can do whatever they want to do."

Monday, some MySpace users encountered the same exact scenario. On MySpace, there is a bulletin board with messages. A bulletin appears saying the person has brand-new pictures. When you click on the link to see the pictures, a window pops up, which looks like a legitimate MySpace.com message, saying you have been logged out.

But, you really haven't. When you type your password in, minutes later, the same bulletin appears, with your name on it, but you didn't post the bulletin. The hacker has your password and the cycle continues as he collects passwords.

"They are trying to hook as many people as possible and whatever they get is a bonus for them," Rusty said.

Not only is your MySpace profile in danger, but any other sites users are registered with.

"People use the same password over and over," Rusty said. "Crooks can try to get into anything, including your AOL, Bank of America or Wachovia and try and log in."

Rusty says the first step is to pay attention for bulletins you did not post, and be aware it is happening.

"Use common sense," he said.

Besides using common sense, if you think you are a victim of MySpace phishing, immediately change your password and delete all cookies and temporary internet files from your computer. Then, contact the website involved and let them know what happened.

MySpace.com has now blocked the link in question, but Rusty says this kind of scam will happen again. He also recommends changing your password on a regular basis.

Reported by: Don Logana, dlogana@wtoc.com