• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   Phishing Pages Pose as Secure Login Pages

Phishing Pages Pose as Secure Login Pages

  • Posted on:February 8, 2010 at 4:01 am
  • Posted in:Bad Sites, Mobile
  • Author:
    Abigail Villarin (Fraud Analyst)
3

TrendLabs recently spotted a new phishing site spoofing CenturyLink’s secure login page from one of its anti-phishing resources.

Click for larger view Click for larger view

CenturyLink, created by the merger of CenturyTel and Embarq on July 1, 2009, is a leading provider of high-quality voice, broadband, and video services through its advanced communication networks to consumers and businesses in 33 states in the United States. It is the currently the fourth largest local exchange telephone company in the United States in terms of access lines. It has more than 7 million access lines in service and more than 2 million high-speed Internet connections as well as its own 100 percent digital network, Centrex, ISDN, and advanced intelligent network.

Even though CyberLink’s real secure login page looks very similar to the spoofed one, there are still at least three major differences. First, the URL of the real login page is https://secure.centurylink.net/login.php begins with one of the first marks of a secure login page (https), followed by the company name, unlike the spoofed one, http://www.{BLOCKED}gsoo.com/g4/data/file/news/CenturyLink.net.html, which begins with http, followed by a suspicious-looking domain name before the company’s own name.

Next, a secure login page always has a padlock icon on the lower-right portion of the page while the fake page only has an exclamation point, indicating that something is wrong.

Finally, look at the lower-left portion of the spoofed page, though it is marked as “Done,” it clearly contains errors, as evidenced again by the exclamation point.

Users who unknowingly end up in the malicious site and enter their credentials are at risk of losing critical personal credentials or maybe even their identities, as clicking the Log In button sends the user data to the cybercriminals behind this attack. As of this writing, however, the phishing page is no longer active.

There are several ways by which you can tell if you are being phished, the three techniques mentioned above are just some of the more noticeable ones, particularly in this attack. But there are also several ways by which users can protect themselves from being phished. Awareness, in this regard, is clearly key.

Trend Micro™ Smart Protection Network™ protects users from this kind of attack by blocking user access to malicious sites and domains.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.