MySpace Phishing Attack Appears on 3000 Pages
Kelvin Beecroft writes on Mashable!:
Earlier this week I detected many fake MySpace login pages setup for phishing login credentials. I thought there was something important to report but after further investigation I found that these pages did absolutely nothing because the HTML missed an important attribute in the post form. This is the “action” attribute which tells the form what to do when you click login. “They’ve been neutralized by my MySpace”, I thought. But I was wrong.More here.
A proportion of these pages are today active and will steal your email and password if you give it to them. The fake login pages are very convincing and even fooled Firefox into automatically filling in my credentials. Even cautious Internet users could get caught off guard by this trick.
It appears they then use the compromised accounts to spam other MySpace users via bulletins. But they do more than just send out spam. They also add their fake login code to the compromised pages in a tricky way so that it hides the original page underneath, giving them even more fake login pages.
posted by Fergie @ 10/27/2006 10:18:00 PM
0 Comments:
Post a Comment
<< Home