Myspace music lovers are being targeted by a mass phishing attack that directs them to a fake music download site.

According to IT security firm, Sophos, the emails try to lure the victim to the Myspace website to listen to a free music track sent by a Myspace user. However, rather than taking users to the Myspace website, it directs them to a site claiming to sell mp3 music.

Here the person is encouraged to pay to download music; this means the phishers can harvest personal information, credit card details and email addresses.

However, the site, which only had its domain name registered on 5 October and claims to be based in Lappeenranta in Finland, has no affiliation with the social networking website.

Sophos warned it is an aggressively distributed campaign and the phishing emails have been sent to hundreds of thousands of people around the world in the last week.

By pretending to be an email from a Myspace contact, the spammers heighten the chances of potential victims opening the email.

The company noted that to give the email additional authentication, the phishers have also included a faked Myspace boilerplate text in their message: "At Myspace we care about your privacy. We have sent you this notification to facilitate your use as a member of the Myspace service. If you don't want to receive emails like this to your external email account in the future, change your Account Settings to 'Do not send me notification emails'."

Graham Cluley, senior technology consultant at Sophos, said: "By making the headlines nearly every day, the Myspace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes.

"This email has been so aggressively spammed out that many of its recipients are not even Myspace users, so common sense should tell them the email is unsolicited and is to be deleted.

"Anyone who follows the links expecting to get free music, however, is risking handing their email address, credit card numbers and other private information over to the spammers."

The subject headings of the phishing emails typically read: 'New message from <name> on Myspace sent on <date> <time>'. The message in the email then informs the user, "You've got a new song from <name> on MySpace!", and invites them to click on a link to hear "your Myspace music".