The current trend for abusing Web 2.0 sites in co-ordinated phishing attacks continues.
Users of the “world’s largest online music catalogue” are the latest victims. Unfortunate users receive a message in their last.fm shoutbox saying “hey – check out this blog with ur pic – http://ur.lc/[blocked]” or “hey check out this blog” again with an abbreviated URL.
If you click the link you are redirected to a faked last.fm login screen, shown below; note the highlighted URL in the address bar.
This is a known malicious domain, registered to a Chinese IP address, and it has been associated with several previous credential-harvesting attacks.
I’ve said it once, but it bears repeating, *always* check the URL in the address bar of your browser before entering any login credentials.
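As an added example (not code from the original post), here is a small Python check that applies the advice above: pull the links out of a shoutbox message and decide whether the address a login page is served from really belongs to last.fm, rejecting the common tricks (brand name as a subdomain of another domain, brand name in the userinfo part, plain http, bare IP or punycode hosts). The sample message and the hostnames are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Registrable domain the genuine last.fm login page lives under (assumption for this example).
LEGIT_DOMAINS = ("last.fm",)

# Constructed shoutbox message in the shape the post describes; the short-link path is a placeholder.
SAMPLE_SHOUT = "hey - check out this blog with ur pic - http://ur.lc/xxxx"

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

def urls_in_message(text: str) -> list[str]:
    """Pull every http(s) link out of a shoutbox message so each can be checked."""
    return URL_RE.findall(text)

def _host_under(host: str, domain: str) -> bool:
    """Label-wise suffix match: 'www.last.fm' passes, 'last.fm.evil.example' and 'notlast.fm' do not."""
    h = host.lower().rstrip(".").split(".")
    d = domain.lower().split(".")
    return len(h) >= len(d) and h[-len(d):] == d

def check_login_url(url: str) -> tuple[bool, str]:
    """Decide whether the address bar shows a genuine last.fm page before credentials are typed.
    Returns (ok, reason)."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme or 'missing'}, expected https"
    if not host:
        return False, "no host in URL"
    if parts.username is not None or parts.password is not None:
        # 'https://last.fm@evil.example/' shows the brand in the userinfo part; the real host is evil.example.
        return False, f"userinfo present, real host is {host}"
    try:
        ipaddress.ip_address(host)
        return False, f"bare IP address host {host}"
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        return False, f"internationalised (punycode) host {host}, likely lookalike"
    if any(_host_under(host, d) for d in LEGIT_DOMAINS):
        return True, f"host {host} is under a genuine last.fm domain"
    return False, f"host {host} is not a last.fm domain"

if __name__ == "__main__":
    for link in urls_in_message(SAMPLE_SHOUT):
        print(link, check_login_url(link))
    for landing in ("https://www.last.fm/login", "https://last.fm.evil.example/login"):
        print(landing, check_login_url(landing))
```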