Gmail's one-two punch: Phishers attack after outage

Phishing scam uses Google Talk chat service to go after usernames, passwords

Gmail users were hit with a double whammy Tuesday.

Only hours after Google fixed a two-and-a-half hour Gmail outage, users of the hosted e-mail service's instant messaging tool were slammed with a phishing attack. Graham Cluley, a senior technology consultant with the UK-based security firm Sophos, wrote in a blog post Wednesday that the attack spread through the Gmail's Google Talk chat system.

The attackers sent Gmail users an instant message with no more of a lure than the message "check out this video" and a link from the TinyURL service, according to Cluley. The link, which is no longer working, took users to a website called ViddyHo that asked surfers to enter their Gmail usernames and passwords.

Cluley noted that TinyURL has blacklisted the phishers' site so that its no longer operational.

"The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet," wrote Cluley. "Potentially, a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts."

A Google spokesman noted in an email that the company has received "a number of reports" about the phishing attack from users. "We have blocked the addresses being used to send these messages, and users of Firefox, Safari, and Google Chrome will receive a phishing warning when trying to visit the ViddyHo.com site. We have also identified Viddyho.com in our search results as a phishing site," he said. "We encourage users to be very careful when asked to share their personal information."

The security consultant noted that people are often more susceptible to phishing or malware attacks that are spread via instant message than those that spread through email. People simply are more accustomed to being wary of email, leaving themselves vulnerable to other forms of attacks.

"If you were unfortunate enough to fall for this scam, make sure to change your Gmail password immediately. In fact, also change your passwords on any other site where you might be using the same password as on Gmail," said Cluley.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Gmailphising

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sharon Gaudin

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?