The current trend for abusing Web 2.0 sites in co-ordinated phishing attacks continues.


Users of the “world’s largest online music catalogue” are the latest victims. Unfortunate users receive a message in their last.fm shoutbox saying “hey – check out this blog with ur pic – http://ur.lc/[blocked]” or “hey check out this blog” again with an abbreviated URL.

[Image: spam]


If you click the link, you are redirected to a faked last.fm login screen, shown below; note the highlighted URL.

[Image: lastfm]


This is a known malicious domain, registered to a Chinese IP address, that has been associated with several previous credential-harvesting attacks.


I’ve said it once, but it bears repeating: *always* check the URL in the address bar of your browser before entering any login credentials.
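What "check the URL" amounts to in practice, as an added example (not code from Trend Micro or last.fm): a Python check that compares the address-bar URL against the genuine login address https://www.last.fm/login named in last.fm's own notice in the comments below, and rejects the disguises this attack relies on (a shortener link, plain http, a lookalike or "subdomain" host, and credentials placed before an @). The sample domain login-check.example is a constructed placeholder.

```python
import posixpath
from urllib.parse import urlsplit

# Added example, not Trend Micro's or last.fm's code. The expected address is the
# one last.fm's own notice tells users to look for.
GENUINE_LOGIN = "https://www.last.fm/login"


def is_genuine_login(url: str, genuine: str = GENUINE_LOGIN) -> tuple[bool, str]:
    """Return (True, 'genuine') or (False, reason) for the URL in the address bar."""
    want = urlsplit(genuine)
    try:
        got = urlsplit(url.strip())
        port = got.port  # raises ValueError for a non-numeric port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    # Scheme must match exactly: a page served over plain http, or a shortener
    # link such as http://ur.lc/... from the shoutbox spam, fails here.
    if got.scheme.lower() != want.scheme:
        return False, f"scheme is {got.scheme!r}, expected {want.scheme!r}"

    # Text before '@' is userinfo, not the host: https://www.last.fm@evil.example/
    # actually points at evil.example. Reject it rather than silently ignore it.
    if got.username is not None or got.password is not None:
        return False, f"credentials before '@'; the real host is {got.hostname!r}"

    # .hostname is lowercased and has the port stripped. It must match exactly:
    # www.last.fm.evil.example is a different host, not a "subdomain of last.fm".
    if got.hostname != want.hostname:
        return False, f"host is {got.hostname!r}, expected {want.hostname!r}"

    if port not in (None, 443):
        return False, f"unexpected port {port}"

    # Normalise '/login/../x' style paths before comparing; the query string is
    # deliberately left out of the comparison, as it carries no trust decision.
    if posixpath.normpath(got.path or "/") != posixpath.normpath(want.path):
        return False, f"path is {got.path!r}, expected {want.path!r}"

    return True, "genuine"


if __name__ == "__main__":
    # Constructed sample addresses: one genuine, the rest in the style of the attack.
    for sample in ("https://www.last.fm/login", "http://ur.lc/blocked",
                   "https://www.last.fm@login-check.example/login",
                   "https://www.last.fm.login-check.example/login"):
        print(sample, "->", is_genuine_login(sample))
```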


This entry was posted on Friday, 5. June 2009 and is filed under "Phishing, Web 2.0". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

2 Comments to "Phishing Attack Targets last.fm Users"

Peper IT » Blog Archive » Last.fm users targeted by phishing attack:
Tuesday, 9. June 2009 at 2:31 am

[...] to which an account is attached. This time it is users of the music service Last.fm who received a phishing message in their shoutbox. The message contained the text “hey – check out this blog with ur [...]

Dandy Forsdyke:
Monday, 25. January 2010 at 8:19 am

“Hello,

I’m sorry to inform you that your account has been compromised at some point
over the last few days. Last.fm has been the target of a ‘phishing’ attack where
someone will send you a PM or a shoutbox message asking you to click a link.
This takes you to a page that looks like a Last.fm login page, but is actually
hosted elsewhere. When you enter your username and password, the culprits use
these details to spam on your behalf.

PLEASE CHANGE YOUR PASSWORD ASAP. To stop the spread of more phishing, your
account has been ‘muted’… That is, you are not allowed to post anything for 48
hours.

In future, please ensure when you are asked to login to last.fm you can clearly
see https://www.last.fm/login in the address bar; anything else is a forgery.

More details on how to keep your account safe are available here:
http://www.last.fm/help/faq?category=Miscellaneous#359

Thanks,
Laurie”


© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice | Disclaimer