Reports of phishing exploits on MySpace Web pages that host QuickTime files have reached a fevered pitch - unfortunately most of those reports are slim on details. The potential threat is real, but understanding what it is can help you avoid accidentally giving up your personal information.
What It Is
In this case, code is being used to trick users into giving up personal information: A phishing scam.
How It Works
The malicious QuickTime file can modify your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The file can also copy to your account without your interaction.
What You Can Do
Avoid playing QuickTime movies and audio files on MySpace profile pages. Disabling QuickTimeis auto-play feature is a good idea, too. Hereis how:
- Choose Apple menu > System Preferences to launch System Preferences.
- Select the QuickTime Preferences Pane.
- Click the Browser tab.
- Uncheck Play movies automatically.
Disable QuickTimeis auto-play feature.