Phishing Attack Targets last.fm Users

The current trend for abusing Web 2.0 sites in co-ordinated phishing attacks continues.

 

Users of the “world’s largest online music catalogue” are the latest victims. Unfortunate users receive a message in their last.fm shoutbox saying “hey – check out this blog with ur pic – http://ur.lc/[blocked]” or “hey check out this blog” again with an abbreviated URL.


If you click the link, you are redirected to a faked last.fm login screen, shown below; note the highlighted URL.

[Screenshot: faked last.fm login screen with the URL highlighted]

This is a known malicious domain registered to a Chinese IP address and has been associated with several previous credential harvesting attacks.

 

I’ve said it once, but it bears repeating: *always* check the URL in the address bar of your browser before entering any login credentials.
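The address-bar check, written out as code: this is an added example, not part of the original post, that compares a URL's parsed origin with the login address given in the Last.fm staff message quoted in the comments below. The function name and the sample URLs (on the reserved example.com domain) are constructed for illustration.

```javascript
// Added example: strict check of a login URL against the expected origin.
// EXPECTED_ORIGIN and EXPECTED_PATH come from the Last.fm staff message quoted
// in the comments; isGenuineLoginUrl and the sample URLs are constructed.
const EXPECTED_ORIGIN = "https://www.last.fm";
const EXPECTED_PATH = "/login";

function isGenuineLoginUrl(candidate) {
  let url;
  try {
    url = new URL(candidate); // parse the way a browser would
  } catch {
    return false; // not an absolute URL at all
  }
  // Embedded credentials ("https://www.last.fm@host/") disguise the real host.
  if (url.username !== "" || url.password !== "") return false;
  // origin = scheme + host + port, so http://, other hosts and odd ports fail.
  if (url.origin !== EXPECTED_ORIGIN) return false;
  return url.pathname === EXPECTED_PATH;
}

// Constructed samples: every entry contains the text "last.fm", so a plain
// substring check would accept all of them; only the first is genuine.
const samples = [
  "https://www.last.fm/login",
  "http://www.last.fm/login",              // no TLS
  "https://www.last.fm.example.com/login", // real name used as a subdomain
  "https://www.last.fm@example.com/login", // real name in the userinfo part
  "https://example.com/www.last.fm/login", // real name in the path
  "https://www.last.fm:8443/login",        // unexpected port
];

for (const s of samples) {
  console.log(isGenuineLoginUrl(s) ? "OK    " : "REJECT", s);
}
```

The comparison is made on the parsed origin rather than on the raw string, which is why the entries that merely contain the real hostname are rejected.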

2 thoughts on “Phishing Attack Targets last.fm Users”

  1. Dandy Forsdyke

    “Hello,

    I’m sorry to inform you that your account has been compromised at some point
    over the last few days. Last.fm has been the target of a ‘phishing’ attack where
    someone will send you a PM or a shoutbox message asking you to click a link.
    This takes you to a page that looks like a Last.fm login page, but is actually
    hosted elsewhere. When you enter your username and password, the culprits use
    these details to spam on your behalf.

    PLEASE CHANGE YOUR PASSWORD ASAP. To stop the spread of more phishing, your
    account has been ‘muted’… That is, you are not allowed to post anything for 48
    hours.

    In future, please ensure when you are asked to login to last.fm you can clearly
    see https://www.last.fm/login in the address bar; anything else is a forgery.

    More details on how to keep your account safe are available here:
    http://www.last.fm/help/faq?category=Miscellaneous#359

    Thanks,
    Laurie”

  2. Pingback: Peper IT » Blog Archive » Last.fm gebruikers doelwit phishingaanval
