Security vendor, Websense Inc. has said that a phishing site that harvested the log-in and credentials of MySpace.com users was removed as of Friday from a California server. According to the vendor, the attack would not have been noticed by most users.

Websense officials said that the attack starts with phishers sending a link through America Online Inc.'s instant messaging program or a similar one. The link is from someone in the user's contact lists, asking the user to click the link to MySpace to view photos. The link leads to a fraudulent MySpace log-in page where victims enter their information. Websense officials said that at this point the victims are then transparently logged into the real MySpace pages.

The hacker in the meanwhile would have accessed personal information stored by MySpace, such as someone's address and birthday, which could be used to open a bank account.

A phishing attack involves tricking users into visiting a look-alike Web page that asks for personal information, which is then sent to a hacker. The amount of personal information stored on MySpace user pages is making the social networking site an increasingly attractive target for identity theft, Websense officials said.

A hacker can also tap other instant messaging contacts or e-mail addresses to send out the link to the phishing site, which often is done using automated programs. MySpace, started in 2004 and bought by News Corp. last year, counts at least 73 million users and is growing.