ARN

Gmail's one-two punch: Phishers attack after outage

Phishing scam uses Google Talk chat service to go after usernames, passwords
Page:

Gmail users were hit with a double whammy Tuesday.

Only hours after Google fixed a two-and-a-half hour Gmail outage, users of the hosted e-mail service's instant messaging tool were slammed with a phishing attack. Graham Cluley, a senior technology consultant with the UK-based security firm Sophos, wrote in a blog post Wednesday that the attack spread through the Gmail's Google Talk chat system.

The attackers sent Gmail users an instant message with no more of a lure than the message "check out this video" and a link from the TinyURL service, according to Cluley. The link, which is no longer working, took users to a website called ViddyHo that asked surfers to enter their Gmail usernames and passwords.

Cluley noted that TinyURL has blacklisted the phishers' site so that its no longer operational.

"The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet," wrote Cluley. "Potentially, a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts."

A Google spokesman noted in an email that the company has received "a number of reports" about the phishing attack from users. "We have blocked the addresses being used to send these messages, and users of Firefox, Safari, and Google Chrome will receive a phishing warning when trying to visit the ViddyHo.com site. We have also identified Viddyho.com in our search results as a phishing site," he said. "We encourage users to be very careful when asked to share their personal information."

The security consultant noted that people are often more susceptible to phishing or malware attacks that are spread via instant message than those that spread through email. People simply are more accustomed to being wary of email, leaving themselves vulnerable to other forms of attacks.

"If you were unfortunate enough to fall for this scam, make sure to change your Gmail password immediately. In fact, also change your passwords on any other site where you might be using the same password as on Gmail," said Cluley.

Page:

Come socialise with us! Facebook | LinkedIn

More about: Google, Microsoft, Sophos, VIA
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: gmail, phising
ARN Directory | Distributors relevant to this article
Aquion , ASI Solutions , Avnet Technology Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Leader Computers , NewLease , Synnex Australia , Topstar Computer International , XiT Distribution , Xpress I.T.
ARN Directory | Vendors relevant to this article
Sophos
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/avg/349_protect-your-android-phones-with-avg
AVG (AU/NZ) Pty Ltd

Protect your Android Phones with AVG Mobilation

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.