Another Web 2.0 Site, Last.fm Comes Under Phishers’ Attack

Phishers are targeting users of Last.fm, a website for social networking, with an attack that tricks them into giving away their login details.

Reportedly, the new phishing assault begins with a note sent to the Last.fm shoutbox that asks user to check out his/her picture in the blog, while an abbreviated URL is appended. However, when music fans click on the link, they are diverted to a phony Last.fm login page.

According to Trend Micro, the domain name used in the attacks has its origin in China and it has also been associated with a number of earlier attacks that harvested login credentials.

The attack represents the most recent instance of cyber criminals employing phishing techniques against Web 2.0 sites like Last.fm and Twitter. These attacks are appearing to gain popularity among login hackers and phishers since, as per security researchers, websites like Twitter and Last.fm are categorized as low sensitivity sites.

Actually, phishers appear to be getting increasingly cautious and employing greater sophistication in their attack techniques, as it is often difficult to trace attacks that abuse social networking sites.

People tend to set simple passwords for their accounts on these social sites, allowing hackers and phishers to easily crack the login credential. However, security researchers attribute the lack of proper security in comparison to online sites pertaining to web-mail security and Internet banking websites for higher number of attacks.

They say that people using these sites often lack the knowledge of how to keep their accounts secured. They click on links without thinking twice, leading to scams.

Thus, security is the most essential and every Internet surfer should adopt it. Users must know when and what to click so that scams such as those that victimized several music lovers recently could be aborted wholly.

Another plea that security specialists make is that Internet surfers must verify the URL address inside their browser's address bar prior to feeding any login detail, as the address could be vicious leading to fake websites like in the case of Last.fm.

Related article: Another Worm Using Bush’s Theme Creeps Into PCs

» SPAMfighter News - 6/13/2009