If you get a spam email directing you to download new music at the social networking site MySpace.com, watch out. Its all a new phishing scam, according to security experts at Sophos, an IT security firm.
The company is warning that the aggressively distributed spam campaign uses the name of the popular MySpace site in an attempt to trick people into revealing sensitive information.
The emails have been spammed out to hundreds of thousands of computer users around the globe in the last week, luring them into clicking on links to a website posing as an online music store.
The subject headings of the spam emails typically read: "New message from (name) on MySpace sent on (date) (time)." Using the guise of a MySpace contact email, the spammers heighten the chances of potential victims opening the email. The message in the email then informs the user, 'You've got a new song from (name) on MySpace!', and invites them to click on a link to hear "your MySpace music."
However, rather than taking users to the MySpace website, it directs them to a site claiming to sell MP3 music, and encourages them to pay to download music. The site, which only had its domain name registered on October 5 and claims to be based in Lappeenranta in Finland, has no affiliation with the social networking website.
"By making the headlines nearly everyday the MySpace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes," said Graham Cluley, senior technology consultant at Sophos.
"This email has been so aggressively spammed out that many of its recipients are not even MySpace users, so common sense should tell them the email is unsolicited and is to be deleted. Anyone who follows the links expecting to get free music, however, is risking handing their email address, credit card numbers and other private information into the hands of spammers."
