Social Web sites breeding identity theft

Attack like shooting someone at close range

Security firm Sophos has discovered a phishing scam trolling for user passwords to access MySpace pages.

According to Sophos the scam was done to highlight flaws in Web browsers, with those responsible for the scam directing victims to their stolen details posted online.

Sophos claims by exposing the MySpace logins and passwords, thousands of people are at risk from identity theft.

Ron O'Brien, Sophos senior security analyst, said by directing people to the stolen information criminals and deviants have been armed with direct access to thousands of adults and children.

"The delivery of the information surrounding the browser's flaws was irresponsible," O'Brien said.

"In most cases those who identify these flaws and phishing sites go straight to the affected vendor in an effort to remove the phishing Web site and, hopefully, to influence a flaw fix.

"The do not publicly publish the results of the scam."

Approximately 60,000 users have been targeted by the scam.

Paul Ducklin, Sophos Asia Pacific head of technology, said the idea of a fake login page is common for phishing scams, adding that people often put information on MySpace pages that are much harder to change than credit card numbers in the event of identity theft.

"Saying the scam was done to reveal browser flaws is like saying let's see what happens if you shoot someone at close range", Ducklin said.

"Phishers once only wanted bank account details but now that is not all they are after because personally identifiable information may now have criminal value."

Join the newsletter!

Error: Please check your email address.

More about Sophos

Show Comments

Market Place