CounterMeasures - A Security Blog » last.fm http://countermeasures.trendmicro.eu Trend Micro’s Rik Ferguson blogs about current security issues. Wed, 01 Feb 2012 14:48:59 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Phishing Attack Targets last.fm Users http://countermeasures.trendmicro.eu/phishing-attack-targets-lastfm-users/ http://countermeasures.trendmicro.eu/phishing-attack-targets-lastfm-users/#comments Fri, 05 Jun 2009 10:01:51 +0000 Rik Ferguson http://countermeasures.trendmicro.eu/?p=704 ]]> The current trend for abusing Web 2.0 sites in co-ordinated phishing attacks continues.

 

Users of the “world’s largest online music catalogue” are the latest victims. Unfortunate users receive a message in their last.fm shoutbox saying “hey – check out this blog with ur pic – http://ur.lc/[blocked]” or “hey check out this blog” again with an abbreviated URL.

spam

 

If you click the link you are redirected to a faked last.fm login screen as below, note the highlighted URL

lastfm

 

This is a known malicious domain registered to a Chinese IP address and has been associated with several previous credential harvesting attacks.

 

I’ve said it once, but it bears repeating, *always* check the URL in the address bar of your browser before entering any login credentials.

]]> http://countermeasures.trendmicro.eu/phishing-attack-targets-lastfm-users/feed/ 2