Updated Okt 26th, 2006 [thanks to Amal, I'm Katinka on Myspace]

Phishing

stealing your online identity on Myspace -  www.myspace.com

Have you noticed weird bulletins posted by your friends lately? Instead of surveys and games, it looks like they're advertising ringtones for songs they don't even like, or telling you to smoke pot when they're not even a pot smoker?

If so, it probably means their MySpace profile has been stolen, and yours could be next.

Profile thieves are stealing MySpace profiles left and right so they can spam other people, and in some cases, they manage to steal more than just your MySpace.

Here's how they usually steal it:

They post a message, bulletin, or comment containing a Flash file. It might be disguised as a game, or lately there's one that says, "Click here if you like to smoke pot." But in reality, it's just a trap to steal your MySpace.

Without you realizing it, the Flash file automatically redirects you to a different website where the thief has set up a copycat of the MySpace login page. What it looks like to you is, "Oh, stupid MySpace logged me out again." And so you enter your username and password, and bingo -- they just stole your profile. Since you were on a copycat site, it didn't log you in. It just stored the email and password you entered in a big file, and now that profile thief is going to use your account to spam people.

But the danger doesn't end there. The person who stole your profile knows that you can always change your password and lock them out of your account. So now, they try to take over your profile entirely. If they see your email address ends in yahoo.com or hotmail.com, they go to your email login page and try to log in to your email account with the same password. Many people use the same password for their email account and their MySpace profile, and if you're one of those people, now the thief has access to your email, too.

And check this out -- once they have access to your email, they can start sending lost password requests to PayPal, AIM, Yahoo Messenger, eBay, or anywhere else you might have an account, and they can now reset your passwords on other systems, and even change the email address on your MySpace profile to their own address so you can never log in again!

Don't be fooled into thinking that MySpace will let you back in to your profile once it gets stolen and you can no longer log in.

If this happens, MySpace will ask you to send a digital picture of yourself so they can see if you are pictured in the account that you say was stolen. If the spammer has deleted all of the face pics in your profile (which they usually do), then MySpace won't do anything at all because you have no way to prove the profile is really yours.

But if they see your picture in the account you say was stolen, MySpace still won't give you access to the account -- they'll just DELETE IT. And now the spammer can't use it anymore, but you will have lost all of your messages, photos, and comments and you'll have to start all over again.

protect yourself from profile thieves

  1. Change your MySpace password right now - or right after you think you may have entered your password into a website that may have stolen your password. If you do it right after they stole it, they will not have the time to use your account information. Even if you haven't seen weird bulletins yet, your account info may have been stolen already and the thief just hasn't used it yet. They steal thousands of profiles at a time, and yours could be sitting in some spammer's list just waiting to be hijacked.
  2. Change the password to your email address right now. It's no good just changing your MySpace password, because if they can get into your email account, they can still steal your profile.
  3. IMPORTANT: Make sure your new e-mail password and your new MySpace password aren't the same ! (your online banking account should obviously have a unique password that you don't use anywhere else) So you need three unique passwords at least: one for unimportant websites like myspace, one for your e-mail, one for your online banking. If you think myspace is important - make that four. 
  4. Never click on a link in a bulletin, message, or comment that looks suspicious. It's probably a trap to steal your profile.
  5. If it EVER looks like MySpace has logged you out, don't enter your email and password. Instead, go to your bookmarked myspace.com to make sure you get on the real MySpace website and not a copycat site.
  6. If you see weird bulletins showing up from your friends, message or e-mail them right away to tell them their profile has been stolen and advise them to change BOTH their MySpace password and their email account's password. Most people don't see the bulletins their account is posting until it's too late. Again: tell them to make sure to use different passwords for both. 
  7. Repost this page by clicking <control> C and then COPY AND PASTE the whole message into a bulletin or blogpost.

Let's keep profile thieves from stealing our profiles and our friends' profiles!

If you like this page, copy and paste the following code into your profile to link to it and help other people prevent myspace hacking trouble:

<p><b><a href="http://www.katinkahesselink.net/internet/phishing-myspace.html">
Prevent people from hacking your myspace profile</a></b></p>