I was anonymously sent this link to an article talking about MySpace phishing attacks. The article talks about the newest phishing scam, which essentially just puts username and password fields on users’ profiles, asking for their information. Same old attack, just another day. But this is the part of the article that is actually noteworthy. The MySpace CSO, Hemanshu Nigam, suggests the following will help protect you from phishing attacks on their site:
But MySpace’s Nigam offers this advice to prevent phishing scams as well:
* Install the latest operating system and auto-install for critical updates.
* Use a firewall.
* Use anti-virus and anti-spyware software and keep them updated.
Does anyone else see a problem with this? Absolutely none of these will protect you from MySpace phishing attacks. So the CSO of MySpace either doesn’t understand the problem he faces, or he has no idea how to help consumers solve that problem. Either way, it’s scary. There are possible solutions to the problem in the browsers, but those are a long way off. I’ll be talking about a number of them this week at the World OWASP/WASC conference in San Jose. In the meantime, ignore the CSO of MySpace’s advice. His advice may help you solve other security issues, but not MySpace phishing attacks, unfortunately.