While MySpace continues to boom with popularity, phishers are finding new ways to use this social networking service to their own advantage. One of the newest scams looks so legit that it may even trick security-conscious users. More details on this phishing scam (which is still live as of this writing) below:

Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim’s username and password to a remote server hosted in France.

Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace’s own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form.

Read the conclusion here.

It is a good idea to download one of these phishing toolbars such as Netcraft to aid in the identification of phishing scams. While there are many available to download (both for free and for a price), we have seen good results with the Netcraft and suprisingly the IE7 phishing toolbars.

Tags: Social Networking