James Zigrino
It's been well know for a while now that there are distinct advantages in infiltrating Social search and networking sites such as MySpace.
As early as July this year the Washington Post ran stories of how fraudsters were using MySpace to "tap into your network of trust". By using compromised MySpace accounts as a bridgehead into online networks of friends, they could introduce Trojans to target victims computers to record username and password data for other sites, such as online banking.
Online security site Netcraft this week reports that the MySpace site has been compromised with a spoof login form hosted on a cleverly named account hompage, which redirects the MySpace logins to a phishing server with a Spanish registered domain hosted in Paris, France. According to Netcraft, "it is convincing and even security-conscious users are at risk of becoming victims". At the time of writing, the MySpace account in question had been deactivated, however the principle on which the threat was based remained.
It's early days, but to users of online banking and services such as PayPal, this kind of activity will already be familiar and the direction it is moving only too clear.
Earlier this year, MySpace clearly saw the writing on the wall and hired a Web Security expert to address this new threat, in response to reports from Websense Inc of a similar compromise.
However, MySpace is simply only one amongst many such social networking sites, which can target almost any arena including news and web search. It's a red-hot area, new social sites now appear and proliferate at an astonishing pace, and web marketers are scrambling to exploit the new opportunities they offer.
However, clearly there value to fraudsters as a shortcut to establishing misplaced trust online makes many of them a prime target and many sites will be nowhere are prepared as forward thinking MySpace. Addressing threat of phishing and safeguarding users may be the biggest challenge that social sites now face.
