Did you know I can sign up as you on MySpace?
That’s right … I can sign up on MySpace under your email address and assume your identity. MySpace does send an email to verify the email address – but you do not have to click on the verification email to use MySpace. You can still do everything on MySpace you’d always do – like creating an account, adding pictures, adding friends, and generally being active on MySpace.
You can assume anyone’s identity on the number one site in America. But this is only if that email address was not used to sign up for an account.
This guy named Alvin has Jeff Bezos’s email associated with him. Maybe this is Jeff’s alter-ego, but I doubt it.
And did you know the US President has a MySpace profile? Search on “firstname.lastname@example.org” and you’ll find a guy named “the” who’s occupation is “swinger” and who’d like to meet “tyrants, weirdos, shallow corporate raiders. ex-skull and bone members.. remember the handshake. or is that remember the too.” … of course, he hasn’t logged in since 12/19/2003 – so he’s also an early adopter and early MySpace user.
Nick Douglas from Valleywag has a MySpace account under his gmail address. If you know Nick’s gmail address and you search at http://search.myspace.com you’ll be taken to his page. This is his real page.
But if you searched for Nick’s @valleywag.com email addresses this morning you wouldn’t have found anything. Anyone with a little ingenuity can register for MySpace under his email. And I just did. If you search for his email @valleywag.com now you’ll get this profile: http://www.myspace.com/valleynick
It looks legit but it is actually my putting it together. Not sure Nick got the email from MySpace with the password I picked … but if he misses the email or chooses to ignore it (because he already has a MySpace account and his other cookie overrides the link when he clicks on it), then I am as good as gold. Given the increase in Myspace phishing, and your tendency to overlook Myspace emails, I’m better than gold – I’m platinum baby.
[note: after 4 hours Nick still has not logged into his new account or changed the password]
Though this can be fun and tame … like me signing up as Clark Kent @ superman.com … it can also be used for malicious purposes. Someone can assume another person’s identity, get people to trust them, and be fooled when that person goes to verify their email address in MySpace (which is the only way to verify someone today).