Security watchers have discovered a phishing attack targeting users of MySpace, the social networking website. The attack comes in the form of a hyperlink sent to potential marks in an AOL instant messaging message.
Users who follow the link are taken to a bogus website that spoofs the MySpace.com login page. The ruse is designed to fool users into handing over account information to crooks. Surfers duped into handing over this information are subsequently forwarded to the real MySpace.com website.
According to net security firm WebSense, the fraudulent site also sets a "cookie on the victim's computer, which prevents the phishing attack from being displayed on any subsequent visits".
The MySpace phishing email is another example of how email fraudsters are widening their sights beyond traditional targets, such as eBay and high street banks, alongside moves to develop more sophisticated scams.
A screenshot of the bogus website and more information on the attack can be found in this WebSense alert. ®