A TREND MICRO BLOG

Jun 5

Phishing Attack Targets last.fm Users

Rik Ferguson

Filed under: Phishing, Web 2.0 | RSS 2.0 | TB | Tags: , , | 2 Comments

The current trend for abusing Web 2.0 sites in co-ordinated phishing attacks continues.

 

Users of the “world’s largest online music catalogue” are the latest victims. Unfortunate users receive a message in their last.fm shoutbox saying “hey – check out this blog with ur pic – http://ur.lc/[blocked]” or “hey check out this blog” again with an abbreviated URL.

spam

 

If you click the link you are redirected to a faked last.fm login screen as below, note the highlighted URL

lastfm

 

This is a known malicious domain registered to a Chinese IP address and has been associated with several previous credential harvesting attacks.

 

I’ve said it once, but it bears repeating, *always* check the URL in the address bar of your browser before entering any login credentials.


Bookmark
| More

This entry was posted on Friday, 5. June 2009 and is filed under "Phishing, Web 2.0". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

2 Comments

  1. Tuesday, 9. June 2009 um 2:31 am

    [...] waar een account aan vastzit. Zo zijn het dit keer gebruikers van muziekdienst Last.fm die een phishingbericht in hun shoutbox ontvingen. In het bericht stond de tekst “hey – check out this blog with ur [...]

  2. Monday, 25. January 2010 um 8:19 am

    “Hello,

    I’m sorry to inform you that your account has been compromised at some point
    over the last few days. Last.fm has been the target of a ‘phishing’ attack where
    someone will send you a PM or a shoutbox message asking you to click a link.
    This takes you to a page that looks like a Last.fm login page, but is actually
    hosted elsewhere. When you enter your username and password, the culprits use
    these details to spam on your behalf.

    PLEASE CHANGE YOUR PASSWORD ASAP. To stop the spread of more phishing, your
    account has been ‘muted’… That is, you are not allowed to post anything for 48
    hours.

    In future, please ensure when you are asked to login to last.fm you can clearly
    see https://www.last.fm/login in the address bar; anything else is a forgery.

    More details on how to keep your account safe are available here:
    http://www.last.fm/help/faq?category=Miscellaneous#359

    Thanks,
    Laurie”

Leave a comment

XHTML allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam protection

© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice. Disclaimer