Myspace: November 2008 Archives

Bands on Myspace have been targets of hackers, scammers and phishers for quite some time - grab the account of a popular artist or twelve, and all Hell can break loose. I was surprised to see this when doing a few searches on Myspace earlier today:

oasis.gif
Click to Enlarge

As you can see, the "official" band profile is surrounded by a striking red border (no, we didn't add that ourselves) and it says "Myspace Verified - Official Artist" at the top. This is a great way to cut down on the possibility of scammers impersonating legit acts. Not sure how long this feature has been in place, but a good idea methinks...
A contact of mine passed this URL over to me - it was posted to the Myspace page of his friend a while ago, and he thought there might be something a little odd about it. The site is called

friends-to-friends-only.com

When you arrive on the page, you'll see this:

Snap1.jpg
Click to Enlarge

The text reads "Our system indicates that a pic from your IP address has been uploaded to this site within the past 48 hours". In addition, an incredibly creepy MP3 recording says the same message out loud. Note the blurred out images in the background, too - all in all, it's a remarkably freaky and somewhat worrying thing to see upon arrival. At the top of the page (not in the screenshot), it says:

"Privacy Note: We never send SPAM to your email address. We never sell your personal info.
This is NOT a MySpace or Facebook login page. MySpace/Facebook users are not authorized to participate on this website."


That's a strange thing to say, isn't it?

Click "Ok", and...

Snap2.jpg
Click to Enlarge

Already, you're being asked for the name of your friend, and your full name complete with an email address. At this point, you'd have absolutely no idea what was going on here. There's a definite sense of them wanting to make sure everything you do is correct - hover over the input boxes, and a popup appears that says "It is very important that you type your email address accurately so that we can match our records correctly".

At this point, most users would probably be wary of Phishing or some form of EMail harvesting.

The next box makes things even more alarming:

Snap4.jpg

"You may use current password"? This begs the question - what current password? You've never been to this site before, and you don't have one. But wind back a little bit, and remember that you've already handed over an EMail address on the previous question. As this link was appearing on Myspace pages, it's a good bet that a portion of users will have entered the EMail address used for their Myspace account.

Cynics would argue those same users might think they're supposed to use their Myspace password above, thus handing complete strangers their Myspace login. Yes, the site says "Myspace users not allowed", but this seems somewhat redundant - if this link appears on a Myspace profile and that user visits, they're certainly not going to leave the site after being panicked into thinking the site has mysterious pictures of them being stored on it.

And who could blame them?

Either way, hit Submit and you're presented with an alert that says they need to know how you found this site. The text reads:

"Most people are sent a link to this site on their GMail, Hotmail, Yahoo, Google or Facebook account". It then lists said services, along with a few others underneath. Most of the links lead to the same URL, but click the "I got here from Myspace" link, and you're presented with the following:

Snap7.jpg

There's no other explanation given, but it seems somewhat peculiar that Myspace have taken the step of trying to remove all association from whatever this website is offering. Select one of the other options, and you'll be hit over the head with a popup that says

"FINAL STEP: Our system indicated that your friend recently bookmarked and reserved this page just for you!"


All nonsense, of course. But jump through some more hoops anyway, and...

Snap9.jpg
Click to Enlarge

...are we there yet? The end result of all this is......

Snap10.jpg
Click to Enlarge

....the worst attempt at humour I've seen in a long time. Needlessly worrying people with a load of fictitious nonsense about "pictures", confusing and pointless prompts that could theoretically cause people to hand over Myspace login information at different stages of the process......not a great combination. And we're not done yet. Click away from the picture above, and you're presented with a highly detailed "What Next" guide:

Snap11.jpg

It's the next bit that really cracks me up, though:

Snap12.jpg

I don't know about you, but I'm not sure I'd want my users to visit a site like this anyway. It might be entirely harmless - and to be fair, the EMail address I created just to use on this website has never been sent a single spam mail - but the package taken as a whole makes me distinctly uncomfortable.

There's also a lot of alternate URLs leading to the same site - one brave soul has done a lot of digging on this, and come away with a jackpot of web addresses. They're also quite adamant on the notion that this whole thing is a Phishing scam - while I'd like to take a more "wait and see" approach where that's concerned, I'd personally advise anyone reading this not to use this particular website, regardless of the URL used to get there initially.

Pages

About this Archive

This page is a archive of entries in the Myspace category from November 2008.

Myspace: September 2008 is the previous archive.

Myspace: February 2009 is the next archive.

Find recent content on the main index or look in the archives to find all content.