Today I received the following email:
Subject: New message from Stephen on MySpace sent on Oct 06 08:10:01 -4 2006What's interesting is:
From: New MySpace Message <firstname.lastname@example.org>
You've got a new song from Stephen on MySpace!
Click here to hear your MySpace music:
Click here to get 5-free songs downloaded to Your Space:
At MySpace we care about your privacy. We have sent you this
notification to facilitate your use as a member of the MySpace service. If
you don't want to receive emails like this to your external email account
in the future, change your Account Settings to "Do not send me
Click here to change your Account Settings:
MySpace Inc. - 1900 Wilshire Blvd. 2109, Los Angeles, CA 90403-5400 USA
©2006 MySpace Inc. All Rights Reserved
- I don't have a myspace account, so this is clearly some form of SPAM
- The links in the mail all have a hostname that is within mp3shest.com, not myspace.com - a dead ringer for SPAM Attacks)
- The domain (mp3shest.com) was registered yesterday (raises BIG red flags for me)
At first I thought this was a phishing attempt, but why would someone want to phish an account there? I understand attempts to phish ebay, paypal, my bank, etc. I don't understand phishing MySpace.
Another thought, since the message seems to be directed at getting me to download a song, perhaps the real attack is to get me to download a trojan. I poked at the site with care (with Mozilla, not IE, of course), but didn't get too far before I just closed the browser.
Moral of the story: If your kids are using email, talk to them about phishing, scams and trojans. If they are also using MySpace, mention this attack in particular.
UPDATE: 14 Oct 06 - I received a new one of these today, this time with the system name myspace.mp3vosem.com which again is in a domain (mp3vosem.com) that was only registered recently (11 Oct 06) and registered by the same guy (Alex Rodrigez) theoretically in Finland registred in a domain registrar in China (Capitol Networks PTY, LTD). - For those who don't know, you can use the whois program (available at man locations online including Network Solutions) and just enter the last two portions of the sytem name (mp3vosem.com in this case).
Another interesting tidbit is that they must be getting hit by SPAM filters because they are adding a whole bunch of random junk at the end of the mail to try to confuse the filters.
UPDATE 2: 14 Oct 06 - they must be having some level of success because now I'm getting songs from Debra and John in addition to Stephen and they've tried several addresses of mine including one that I use exclusively with Ebay (guess I've gotta change that one). I think the hope here is that one of the names will match one of my friends' first name and so I will be more likely to think it legit -- another thing to be careful with (messages that look like they are from a real friend).