Identity Theft – Spear Phishing – MySpace

September 11, 2007

What do Identity Theft, Spear Phishing and MySpace have in common?

Everybody’s on Myspace – it’s gotta be safe!

MySpace, Facebook and other social networking sites are great ways to share news, photos and details of your life with friends and family. We all love using these social networking sites that let us create a personal statement on the web. We collect ‘Friends‘ and because they’re our ‘Friends‘, of course we can trust them.

Identity thieves have also figured out that ‘trusting friends’ thing. It’s really easy to surf MySpace and find profiles containing lots of personal information like birthdays and addresses. Then you also write about the music you like, your favorite food, the parties you went to, your family… you know what I mean.

A thief, posing as a ‘Friend’, will send you messages and develop a relationship that feels, well, friendly. Then they’ll send messages with pictures or links to click on. Or maybe a file to download. Normally, you’d blow this off as spam if it arrived in your email inbox. But because it came from a ‘Friend’ and had personalized info about you, you click without giving it too much thought.

This is called ‘Spear Phishing’. It’s a highly targeted type of phishing attack aimed directly at you. Spear Phishers want to trick you into revealing more of your personal info like credit card numbers, login passwords or phone numbers. They know you’re more likely to let your guard down – after all, they’re your trusted ‘Friend’.

How many times have you downloaded an unknown file from another person’s profile? The National Cyber Security Alliance (NCSA) estimates at least 83% of users do. This downloading habit is especially widespread with teens who tend to be much more trusting and think it’s socially acceptable to do. Most of the time it’s harmless. But not always.

ID Thieves throw bait in the water and wait til you’re not paying attention and bam – they nail you. Once they get your personal info, you can’t get it back. There’s no undoing it. Too bad – so sad.

Just clicking on a link can infect your computer with all kinds of malware if you don’t have up-to-date virus and spyware protection. Keystroke loggers will grab all your usernames, passwords and sites you visit.

Keep enjoying MySpace but keep your guard up.  Yes, everybody is on MySpace – even the bad guys.


Got something to say?