Phishers may not just be after your bank account details. With spam-based marketing becoming a major market in its own right, phishers are looking for ways to contact people in a trusted environment.
Kevin McGhee, writing on the McAfee Avert Labs blog, says the company's Site Advisor team noticed some active MySpace phish domains this week which made him wonder why someone would want to break into a MySpace account.
"There isn’t really any sensitive information like credit card or bank account details stored in the accounts so what are the phishers phishing for?" he asks.
The lab found a number of domains with "perfect MySpace front pages" designed to trick people into giving away their usernames and passwords.
"After a bit of research on the topic I quickly realised that spammers are using the phished details to login to peoples accounts and post spam messages on other people’s accounts.
"MySpace seems to be aware of the problem," McGhee adds. "This poses a particular headache as MySpace can’t close down legitimate user accounts like they could if the spammer had registered new accounts and started spamming from them."
Some additional research led McGhee to discover that, having gleaned account details, they are available either for rent or for sale.
McGhee warns that, having access to MySpace information could help more sinister characters to find out more about individuals and start compromsing their identity or even the files they share.