Security watchers have discovered a phishing attack targeting users of MySpace, the social networking website. The attack comes in the form of a hyperlink sent to potential marks in an AOL instant messaging message.

Users who follow the link are taken to a bogus website that spoofs the MySpace.com login page. The ruse is designed to fool users into handing over account information to crooks. Surfers duped into handing over this information are subsequently forwarded to the real MySpace.com website.

According to net security firm WebSense, the fraudulent site also sets a "cookie on the victim's computer, which prevents the phishing attack from being displayed on any subsequent visits".

The MySpace phishing email is another example of how email fraudsters are widening their sights beyond traditional targets, such as eBay and high street banks, alongside moves to develop more sophisticated scams.

A screenshot of the bogus website and more information on the attack can be found in this WebSense alert. ®

Related stories

• Cybercrooks lurk in shadows of big-name websites (12 December 2007)

  https://www.theregister.com/2007/12/12/phishing_redirection/

• Grifters find rich pickings on social networking sites (17 May 2007)

  https://www.theregister.com/2007/05/17/social_networking_hack_risk/

• MySpace sues Spamford Wallace (28 March 2007)

  https://www.theregister.com/2007/03/28/myspace_sues_spamford/

• eBay goes hacker hunting in Romania (8 March 2007)

  https://www.theregister.com/2007/03/08/who_is_vladuz/

• Script wreaks havoc on MySpace (31 January 2007)

  https://www.theregister.com/2007/01/31/myspace_spam/

• AOL phishing fraudster found guilty (17 January 2007)

  https://www.theregister.com/2007/01/17/aol_phishing_fraudster/

• Phishing worm hooks MySpace users (5 December 2006)

  https://www.theregister.com/2006/12/05/myspace_phishing_worm/

• Social sites' insecurity increasingly worrisome (5 December 2006)

  https://www.theregister.com/2006/12/05/social_sites_vulnerable/

• IE and Firefox blighted by fake login flaw (23 November 2006)

  https://www.theregister.com/2006/11/23/fake_login_flaw/

• Social Security phishing scam surfaces (9 November 2006)

  https://www.theregister.com/2006/11/09/social_security_phishing_scam/

• MySpace phishing scam targets music fans (14 October 2006)

  https://www.theregister.com/2006/10/14/myspace_phishing_scam/

• Samsung Telecom plays unwilling host to Trojan (8 September 2006)

  https://www.theregister.com/2006/09/08/samsung_telecom_spyware_alert/

• Barclays scripting SNAFU exploited by phishers (15 August 2006)

  https://www.theregister.com/2006/08/15/barclays_phish_scam/

• Social sites a breeding ground for malware: report (10 August 2006)

  https://www.theregister.com/2006/08/10/social_sites_breed_malware/

• MySpace adware attack hits hard (21 July 2006)

  https://www.theregister.com/2006/07/21/myspace_adware_attack/

• Networking sites could help hackers (14 July 2006)

  https://www.theregister.com/2006/07/14/networking_site_risk/

• Gmail phishing email offers $500 prize (12 July 2006)

  https://www.theregister.com/2006/07/12/gmail_phish/

• MySpace, a place without MyParents (3 July 2006)

  https://www.theregister.com/2006/07/03/myspace_parenting/

• 1,000 Aussies caught in NAB phishing attack (19 June 2006)

  https://www.theregister.com/2006/06/19/bank_details_aussies/

• Billy Bragg prompts Myspace rethink (8 June 2006)

  https://www.theregister.com/2006/06/08/blly_bragg_myspace/

• Why phishing catches punters (7 June 2006)

  https://www.theregister.com/2006/06/07/why_phishing_works/

• Teen hack suspects charged over MySpace extortion bid (25 May 2006)

  https://www.theregister.com/2006/05/25/myspace_hack_charges/

• Interactive TV to capture MySpace generation (25 May 2006)

  https://www.theregister.com/2006/05/25/mynetworktv_becomes_myspacetv/

• MSN Billing Phisher jailed for 21 months (24 May 2006)

  https://www.theregister.com/2006/05/24/msn_phisher_jailed/

• Phishing goes international (26 April 2006)

  https://www.theregister.com/2006/04/26/international_phishing_survey/

• Why phishing reels punters in (31 March 2006)

  https://www.theregister.com/2006/03/31/phishing_study/

• MS lawsuits aim to reel in phishers (20 March 2006)

  https://www.theregister.com/2006/03/20/ms_phishing_lawsuits/

• Phishing fraudsters offer cash reward (14 March 2006)

  https://www.theregister.com/2006/03/14/chase_phishing_scam/

• AOL sues mystery phishers for $18m (1 March 2006)

  https://www.theregister.com/2006/03/01/aol_phishing_lawsuits/

• Police collar AOL phishing suspect (27 January 2006)

  https://www.theregister.com/2006/01/27/aol_phishing_suspect_arrest/