Phishing Pages Pose as Secure Login Pages

TrendLabs recently spotted a new phishing site spoofing CenturyLink’s secure login page from one of its anti-phishing resources.

CenturyLink, created by the merger of CenturyTel and Embarq on July 1, 2009, is a leading provider of high-quality voice, broadband, and video services through its advanced communication networks to consumers and businesses in 33 states in the United States. It is the currently the fourth largest local exchange telephone company in the United States in terms of access lines. It has more than 7 million access lines in service and more than 2 million high-speed Internet connections as well as its own 100 percent digital network, Centrex, ISDN, and advanced intelligent network.
Even though CyberLink’s real secure login page looks very similar to the spoofed one, there are still at least three major differences. First, the URL of the real login page is https://secure.centurylink.net/login.php begins with one of the first marks of a secure login page (https), followed by the company name, unlike the spoofed one, http://www.{BLOCKED}gsoo.com/g4/data/file/news/CenturyLink.net.html, which begins with http, followed by a suspicious-looking domain name before the company’s own name.
Next, a secure login page always has a padlock icon on the lower-right portion of the page while the fake page only has an exclamation (continue reading...)