Google Talk users hit by phishers

Share this article:

Google said Wednesday it has reigned in a new phishing scam in which attackers were trying to steal usernames and passwords through the company's instant messenger program.

The phishing message arrived as an unsolicited Google Talk message and contained a TinyURL link to a site called “ViddyHo," which asked potential victims to login with their Google Talk or Gmail credentials.

“Potentially a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts,” wrote Sophos' senior technology consultant Graham Cluley in a blog post. “Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there's a chance that some users may be more likely to fall into the trap."

Google has taken steps to address the problem. A spokesman said Wednesday that Google has blocked the IP addresses delivering the messages, and most internet users will receive a phishing warning when trying to visit the ViddyHo[dot]com site.

"We encourage users to be very careful when asked to share their personal information,” the spokesman told SCMagazineUS.com in an email Wednesday.

In addition, TinyURL has blacklisted the phishers' site, Cluley said.

But Cluley said in his blog: “There is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.”

This is the second black eye for Google this week. In the pre-dawn hours EST on Tuesday morning, millions of users worldwide were unable to access their Gmail accounts for 2 1/2 hours.

blog entry posted by Acacio Cruz, Gmail site reliability manager, explained that a routine maintenance event Tuesday in one of Google's European data centers caused “unexpected side effects of some new code that tries to keep data geographically close to its owner. The side effects caused another data center in Europe to “become overloaded, and that caused cascading problems from one data center to another.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.