Phishing site spoofing secure login page

A phishing site masquerading as the secure login page of CenturyLink, the fourth largest local exchange telephone carrier in the US in terms of access lines, has been discovered by TrendLabs:

The phishing page looks a lot like the original, but there are two things that should raise some suspicion:

• The legitimate URL is https://secure.centurylink.net/login.php, while the phishing one is http://www.{BLOCKED}gsoo.com/g4/data/file/news/CenturyLink.net.html. Putting aside the fact that the second one begins with http instead of https, the domain name is just plain wrong
• On the right side of the status bar, there is an exclamation point instead of a typical padlock icon, but on the left side it says “Done” – clearly a lie since the exclamation point suggests there is a problem.

If you fail to notice these things, and you enter your login credentials, they will be sent to the criminals who put this page online and they will use them to perpetrate some form of cyber identity fraud with you as the victim.

This phishing page is no longer active but, unfortunately, there are many others popping up daily. Remember – if something just feels off, it pays to be extra careful.