Industry guru Dave Taylor answers free tech support questions about a wide variety of business and technical topics, including blogging, Google AdSense, MySpace, Sony PSP, Apple iPod, Mp3 players, management, Linux, SEO, Mac OS X, Facebook, Twitter, LinkedIn and Microsoft Windows.

Did I just get a MySpace phishing attempt?

I'm pretty confused: I just got what looks like an email from MySpace that says "Jason" has sent me a song, but it points me to a completely different Web site. I attach the message: is it legit or are they phishing for my MySpace account information?


Dave's Answer:

Here's the message you sent me (in part):


From: "New MySpace Message" <monosporous@earthlinkbizdsl.com>
Subject: New message from Jason on MySpace sent on Oct 06 03:20:01 -4 2006
Date: Fri, 06 Oct 2006 08:29:42 +0100

You've got a new song from Jason on MySpace!

Click here to hear your MySpace music:
http://myspace.mp3shest.com/?reloc.cfm=6&id=3168

Click here to get 5-free songs downloaded to Your Space:
http://myspace.mp3shest.com/?reloc.cfm=6&id=316890419_5free

-------------------------

At MySpace we care about your privacy. We have sent you this
notification to facilitate your use as a member of the MySpace service. If
you don't want to receive emails like this to your external email account
in the future, change your Account Settings to "Do not send me
notification emails"

Click here to change your Account Settings:
http://myspace.mp3shest.com/?account.settings=update=6&id=3168

MySpace Inc. - 1900 Wilshire Blvd. 2109, Los Angeles, CA 90403-5400 USA

©2006 MySpace Inc. All Rights Reserved


It certainly looks like a message that MySpace would send out. In fact, when I have a new message on MySpace, the subject line indeed is identical, but a bit of digging reveals what's really going on...

Surprisingly, it's not a phishing attempt, though, it's just a sneaky way for a illegal music download archive site called Your MP3 Song to generate traffic.

I drew this conclusion by first recognizing that any site that would use a fake MySpace message to draw traffic, then digging around in the domain name records. After all, on first glance, it's not impossible that MySpace could own a music download service.

A quick visit to a DNS and whois server reveals, however, that the registrant for uxmp3.com is a chap out of Finland called Alex Rodrigez. I then plugged his phone number into Google and found this: phone search results.

If you check it out, you'll see that he's associated with reported phishing attempts on the German site phished.de and resellerratings.com.

Going back to the MP3 song site, there are a variety of things that set off alarms in my head, including no indication that there's a partnership with any record labels (which makes it hard to believe these are legal music copies), the surprisingly low pricing model ($0.10/song, which is less than the royalty on a given song according to Apple's breakdown of its $0.99/[legal!] song pricing model). The kicker, though? In the Terms of Service is this gem:

"All materials presented on this site are avaliable for the distribtution over the Internet in accordance with the license of the Russian Organization for multimedia and Digital Systems (ROMS) and intended for personal use only. Further distribution, resale or broadcasting is strictly prohibited."

and, my favorite part:

"The Client has no right to download Files from the archive of audio recordings of YourMp3Songs if this violates the law of his country. The Site Administration is not controling the Client's actions therefore the Client is reponsibile for any illegitimate use of the Site's materials."

Ah, well, I don't think that's quite accepted by the World Intellectual Property Organization or any other legal body. Indeed, it's the same problematic agreement that's behind the controversial AllofMP3.com, as you can read about on Google News.

Needless to say, it's not a phishing attempt and they're not trying to glom onto any of your MySpace information, but they are inappropriately using MySpace material to make you think it's a legit invitation and sign up for this doubtless illegal music download site.

My advice: just delete this sort of message and good job being vigilant enough to notice that the URLs were pointing to somewhere other than myspace.com before you clicked on them!



Help others find this article at Del.icio.us, Digg, Netscape, Reddit, and Simpy.

Subscribe!

Never miss another useful Q&A article again! Subscribe to AskDaveTaylor with Google Reader.

Comments

Hi,
if your myspace has been phished, what do you do to restore your myspace back to how it originally was?

Posted by: morgan at March 2, 2007 9:48 PM

Hi,
if your myspace has been phished, what do you do to restore your myspace back to how it originally was?

Posted by: morgan at March 2, 2007 9:48 PM

Hi,
if your myspace has been phished, what do you do to restore your myspace back to how it originally was?

Posted by: morgan at March 2, 2007 9:48 PM

hi whenever someone tries to comment me it says that my membership has been cancelled or my friendshipid is invalid what can i do?

Posted by: nicole at April 2, 2007 3:13 AM

redfgfdg

try thay

Posted by: grefdgfd at May 4, 2007 11:37 AM

Please help all the sudden i cant reply to my messages or accept friends

Posted by: tammy at May 26, 2007 4:32 AM

i just wanted to know what do you do when the activation code doesn't show when your myspace has been hacked and your trying to change your password.

Posted by: kassandra at July 2, 2007 9:14 PM

hey! my account got phished! i can't get my password even though they saty they will send it trough via email, or anything.....and i forgot my password! what in the heck do i do????? thank you! muuch appreciateed! mycah

Posted by: mycah at January 29, 2008 1:50 PM

I have a lot to say, but ...
Starbucks coffee cup I have a lot to say, and questions of my own for that matter, but most of all I'd like to say thank you for all your efforts on this Web site by buying you a chai!

I do have a comment, now that you mention it!









Remember personal info?


Please note that I will never send you any unsolicited commercial email. Ever.

While I'm at it, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site.









Uniblue: Free Virus Scan

Search
Find just the answers you seek from among our 1700+ free tech support articles by using our Lijit search engine.


Help!





Subscribe to
Ask Dave Taylor!

Add to Google Reader
Add to My Yahoo!
Subscribe in NewsGator Online

RDF   XML

Free Updates!
Sign up and get free weekly updates and special offers on books, seminars, workshops and more.


Recent Entries
Join the List!
Join my author info mailing list, where you'll learn about my upcoming books, speaking gigs, and more!


Book Links
© 2002 - 2008 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

[whiteboard marker tray]