Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    TrendLabs recently spotted a new phishing site spoofing CenturyLink’s secure login page from one of its anti-phishing resources.

    Click for larger view Click for larger view

    CenturyLink, created by the merger of CenturyTel and Embarq on July 1, 2009, is a leading provider of high-quality voice, broadband, and video services through its advanced communication networks to consumers and businesses in 33 states in the United States. It is the currently the fourth largest local exchange telephone company in the United States in terms of access lines. It has more than 7 million access lines in service and more than 2 million high-speed Internet connections as well as its own 100 percent digital network, Centrex, ISDN, and advanced intelligent network.

    Even though CyberLink’s real secure login page looks very similar to the spoofed one, there are still at least three major differences. First, the URL of the real login page is https://secure.centurylink.net/login.php begins with one of the first marks of a secure login page (https), followed by the company name, unlike the spoofed one, http://www.{BLOCKED}gsoo.com/g4/data/file/news/CenturyLink.net.html, which begins with http, followed by a suspicious-looking domain name before the company’s own name.

    Next, a secure login page always has a padlock icon on the lower-right portion of the page while the fake page only has an exclamation point, indicating that something is wrong.

    Finally, look at the lower-left portion of the spoofed page, though it is marked as “Done,” it clearly contains errors, as evidenced again by the exclamation point.

    Users who unknowingly end up in the malicious site and enter their credentials are at risk of losing critical personal credentials or maybe even their identities, as clicking the Log In button sends the user data to the cybercriminals behind this attack. As of this writing, however, the phishing page is no longer active.

    There are several ways by which you can tell if you are being phished, the three techniques mentioned above are just some of the more noticeable ones, particularly in this attack. But there are also several ways by which users can protect themselves from being phished. Awareness, in this regard, is clearly key.

    Trend Micro™ Smart Protection Network™ protects users from this kind of attack by blocking user access to malicious sites and domains.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice