Attackers have found a way to use a genuine MySpace account to trick users into disclosing passwords.

Reports today indicate that a MySpace user was e-mailing potential victims inviting them to visit a fraudulent log-in page, where they were asked to enter their e-mail address and password. That information was then sent to a server located in France, according to Netcraft, a Web analysis firm that reported the problem.

The attack, which was shut down by MySpace around 10 a.m. Pacific this morning took advantage of the way MySpace organizes URLs in order to give the fake log-in page a believable Web address, something that could confuse even security-conscious users, according to Netcraft analyst Rich Miller.

The attacker had registered a MySpace account named login_home_index_html, meaning that the MySpace page hosting the fake login, looked like a legitimate place where users would sign on to the service.

Tags: MySpace, Phishing Attack