Phishing at MySpace

Not all phishing attacks target sites with obvious financial value. Beginning in mid-March, we detected a five-fold increase in overall phishing page views. It turned out that the phishing pages generating 95% of the new phishing traffic targeted MySpace, the popular social networking site. While a MySpace account does not have any intrinsic monetary value, phishers had come up with ways to monetize this attack. We observed hijacked accounts being used to spread bulletin board spam for some advertising revenue. According to this interview with a phisher, phishers also logged in to the email accounts of the profile owners to harvest financial account information. In any case, phishing MySpace became profitable enough (more than phishing more traditional targets) that many of the active phishers began targeting it.

Mal davon abgesehen, dass es eigentlich nur eine deutsche Community gibt, wo sich soetwas lohnen würde (aufgrund der Aussicht auf Daten und Erfolg),… man sollte durchaus ein Auge auf solche Dinge haben. Insgesamt sehr interessanter Artikel beim Google Online Security Blog, wenn er auch zum Ende hin sich eher an die Anfänger wendet (“immer schön das Anti-Viren-Tool updaten…”).