
MySpace Social Engineering Threat

The Fortinet Response Team has discovered another social engineering and phishing threat that is related to MySpace, the popular social networking website.

The threat comes in the form of an eye-catching message that appears to be from MySpace and mimics the website’s usual style and text for updates. The spoofed email uses a plain-text format that bypasses common filtering technologies. In addition, the sender’s email server is clearly spoofed; one detection originated from a bank in Japan.

Once the email hits the inbox of a MySpace user, the user is believed to be more likely to click through the URL, given that MySpace is a website for publicly sharing pictures, videos, music, opinions and more. “This kind of deception resembles a criminal renting a Porsche and trying to pass it off as his or her own in order to gain the trust of innocent victims,” said Bryan Lu, virus researcher for Fortinet.

[Figure: Fortinet MySpace Graph]

The URL in the email forwards the user to a legitimate-looking MP3 download site. The lists of artists, albums and songs are indexed in a structured way. Registering as a new member and adding selected albums to the cart works much like selecting books from Amazon.com. Finally, before checkout, the user is forwarded to a secured website where one can add funds to the account, ranging from $15 to $50.

Worth-Investing

With $15 one can download as many as five albums, compared to just one song from iTunes. Building the entire phishing site takes only a few ingredients: a web page programmer, a web server and $30 for the domain listing including the secured site. After it’s fully baked, this cake is primed for eating – and stealing. This social engineering threat is undeniably designed to get the attention of MySpace users, with the intention of stealing credit card information.

Threat Activity

Fortinet has recorded more than 50,000 of these spam emails over the past nine days. At the start, as many as 90 percent were targeted primarily at Japan. Over time, the threat load has gradually spread across the world. In the graph below, the highest detection count for a single hour is 672 as of early today.

[Figure: Fortinet MySpace Graph]

There are several threads of this spam trail, with many emails linking to different URLs. The spammers seem to be generating new URLs as a way to bypass antispam engines that blacklist malicious emails based on specific web links. However, all of these URLs re-direct potential victims to the same phishing web site.
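Because every rotated link ends at the same site, grouping links by where they finally land is more durable than blacklisting each link. The sketch below is an added example, not Fortinet's code; the hosts, email bodies and redirect observations are constructed placeholders standing in for what a URL-analysis sandbox would record.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed redirect observations (URL -> Location it redirected to).
REDIRECTS = {
    "http://a1.example.net/m?id=1": "http://hop.example.org/r/1",
    "http://b2.example.net/m?id=2": "http://hop.example.org/r/2",
    "http://hop.example.org/r/1": "https://mp3-store.example.com/login",
    "http://hop.example.org/r/2": "https://mp3-store.example.com/login",
    "http://c3.example.net/x": "https://mp3-store.example.com/login",
    "http://loop.example.net/a": "http://loop.example.net/b",
    "http://loop.example.net/b": "http://loop.example.net/a",
}

# Constructed plain-text email bodies.
EMAILS = [
    "New update on your profile: http://a1.example.net/m?id=1",
    "New update on your profile: http://b2.example.net/m?id=2.",
    "Someone sent you a song (http://c3.example.net/x)",
    "Newsletter: https://www.example.edu/news and http://loop.example.net/a",
]

def resolve_final(url, redirects, max_hops=10):
    """Follow recorded redirects; return None on a loop or an over-long chain."""
    seen = set()
    while url in redirects and url not in seen and len(seen) < max_hops:
        seen.add(url)
        url = redirects[url]
    return None if url in redirects else url

def cluster_by_landing(emails, redirects, min_urls=3):
    """Map landing host -> entry URLs, keeping hosts reached by many distinct links."""
    clusters = defaultdict(set)
    for body in emails:
        for match in URL_RE.findall(body):
            entry = match.rstrip(".,;:!?)")  # drop sentence punctuation
            final = resolve_final(entry, redirects)
            if final:
                clusters[urlsplit(final).hostname].add(entry)
    return {h: sorted(u) for h, u in clusters.items() if len(u) >= min_urls}

if __name__ == "__main__":
    for host, urls in cluster_by_landing(EMAILS, REDIRECTS).items():
        print(host, "<-", len(urls), "distinct entry URLs")
```

A landing host reached from several unrelated entry URLs is the candidate to block or investigate, since it stays fixed while the entry links rotate.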