Phishing and Fraud - Phishers Mock-Up Major Telco Log-In - eWeek Security Watch

Phishers Mock-Up Major Telco Log-In

Written By
Matthew Hines
Feb 10, 2010

In a relatively new instance of phishing innovation, attackers are directly targeting users of one of the nation’s larger communications providers by launching phony, but very realistic “secure” online log-in URLs.

As first reported by researchers with Trend Micro’s TrendLabs group, phishers are specifically going after customers of CenturyLink, the fourth-largest local exchange company in the U.S., which was created via the merger of CenturyTel and Embarq in mid-2009. The company currently provides voice, ISP and video transmission services in some 33 states and claims over 7 million access lines.

According to TrendLabs, over the last week researchers began noticing extremely realistic knock-offs of CenturyLink’s online customer portal turning up on the Web, illustrating the attempt by attackers to tap into the company’s growing user base.

Once customers are tricked into falling for the scheme, their CenturyLink log-in information is likely used both to hijack their accounts and to steal any information that can be accessed from those systems, including any payment card data they may have stored there, the experts said.

While the phony page is basically a total knock-off of the company’s legitimate log-in site, TrendLabs indicated that there are some telltale signs for people to watch out for to avoid getting duped. Among the clues that the pages are not authentic are a suspicious-looking domain, the lack of a padlock icon in browsers displaying the URL and some visible code errors near the bottom of the sites.

As with avoiding other recent realistic phishing schemes reported by the researchers, including those aimed at users of AOL IM, TrendLabs recommended several methods for users to employ to determine whether or not they are being attacked.

Those include:

- Keeping all browser, e-mail and IM security patches up to date.
- Educating employees about emerging attack campaigns targeting highly used systems.
- Refusing to answer unsolicited requests for log-in information.
- Deleting messages that request confidential data.
- Keeping AV defenses on at all times.

While phishing has been around for well over five years now, the attacks unquestionably continue to get more targeted and realistic as threatsters keep upping the ante.

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.
