With over 100 million users in 12 countries, MySpace has become a social network networking phenomenon. However, as the number of users increases, so does the number of hackers. In 2006 alone more than 200,000 users were hit by major ‘phishing’ attacks, a type of criminal activity where phishers (aka hackers) attempt to steal sensitive information, such as user names and passwords.

In the case of MySpace, these phishers would use stolen log-in information to spam the site’s users. But the scariest part of this phenomenon is that almost anyone who is HTML savvy can practice this form of hacking.

A simple way of phishing is to create a fake log-in page for someone’s MySpace homepage or profile. For example, you’re profile.

Here’s how it works.

You’re already logged onto MySpace, and then you decide to click on one of your friends’ pictures to view their profile page, and then a log-in page appears. At this point almost anyone would assume that they got kicked off and had to log on again. However, by logging on to that fake page, your user name and password gets sent to hackers who collect them on other compromised Web servers. From there, this list of user name and password combinations becomes available to ANYONE who wants to view them.

Pipe Dream contacted MySpace to see what steps were being taken to increase security and stop phishers.

‘We will continue to aggressively protect our members through a combination of legal action, law enforcement pursuit and technological enhancements,’ said Hemanshu Nigam, chief security officer for MySpace.

MySpace has already filed two major lawsuits since January. The first was against Scott Richter and just last month MySpace filed the second suit against Sanford Wallace. Both violated state and federal laws including the CAN-SPAM Act and California’s anti-spam and anti-phishing statue.

What is even more surprising (or not) is that this is not the first time that either defendant is getting sued. Scott Richter has been sued by Microsoft and then-New York Attorney General Eliot Spitzer, and Sanford Wallace (who also calls himself the ‘King of Spam’) was sued by AOL, Concentric Network Corp., Compuserve and the Federal Trade Commission.

So if these law suits haven’t stopped the problem, users may be wondering what they can do to protect themselves.

Nigam is assuring us that MySpace is seeking ‘a permanent injunction barring Richter [and Wallace] and [their] affiliated companies from the MySpace site.’

But in the meantime, some BU students have taken matters into their own hands, either by making their profiles private, or just switching to Facebook.

BU sophomore Maya Fiks said she was a victim of MySpace phishing.

‘I used to get that [spam] a lot before I got mad and changed my profile to private,’ she said. ‘The penis ads, and free Prada bag posts people put on your page.’

Fiks said she was even propositioned by strangers to participate in fulfilling weird sexual fetishes.

‘I got messages from random guys always, offers about people who wanted some dominatrix shit,’ she said. ‘They were like, ‘I’ll pay you $400 to lick your boots and clean your room.’ I’d look around my room like, ‘Hmm, that wouldn’t be so bad to get a clean room and $400.’

In addition to making her profile private, Fiks has begun using Facebook more and MySpace a little less often.

‘The whole point of Facebook was that there stuff is open only to college students,’ she said. ‘Only Facebook users know it’s open to everybody, so you don’t have those random strangers sending you stuff because they don’t know they can.’

But in the meantime, (aside from switching to Facebook) the only thing MySpace users can do is just stay on the lookout. If anyone notices one of their ‘friends’ posting a lot of spam, most likely it’s not them. So let your friend know so they can change their password ASAP. And if that sounds a little too annoying and too ‘out of the way’ you can always make friends at school or at work.