MySpace is hosting a phishing page targeted at its own users, according to NetCraft. A report from Netcraft today points to a phishing Web site that is being hosted on MySpace.com. The page, which is still active, asks users to provide their MySpace username and password to access premium content. Hitting Login, however, sends your credentials to a server hosted in Ireland that Netcraft has identified as being involved in phishing attacks. The attack is noteable because it does not use suspect techniques like cross site scripting to fool users. Instead, plain old HTML is used to bury the MySpace.com content on the page and provide the simple login screen for users. That means that automated tools that Myspace uses to look for malicious content may not clue into the ruse. While MySpace profiles wont yield credit card numbers and bank accounts, and aren’t the treasure troves that, say, online brokerage accounts are, they can be used to spread malicious code or to craft even more sophisticated spear phishing attacks later on. MySpace has been informed of the attack but apparently hasn’t gotten around to taking it down yet. Let’s hope they do soon! Security