Google Talk users hit by phishers

Share this article:

Google said Wednesday it has reigned in a new phishing scam in which attackers were trying to steal usernames and passwords through the company's instant messenger program.

The phishing message arrived as an unsolicited Google Talk message and contained a TinyURL link to a site called “ViddyHo," which asked potential victims to login with their Google Talk or Gmail credentials.

“Potentially a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts,” wrote Sophos' senior technology consultant Graham Cluley in a blog post. “Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there's a chance that some users may be more likely to fall into the trap."

Google has taken steps to address the problem. A spokesman said Wednesday that Google has blocked the IP addresses delivering the messages, and most internet users will receive a phishing warning when trying to visit the ViddyHo[dot]com site.

"We encourage users to be very careful when asked to share their personal information,” the spokesman told SCMagazineUS.com in an email Wednesday.

In addition, TinyURL has blacklisted the phishers' site, Cluley said.

But Cluley said in his blog: “There is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.”

This is the second black eye for Google this week. In the pre-dawn hours EST on Tuesday morning, millions of users worldwide were unable to access their Gmail accounts for 2 1/2 hours.

blog entry posted by Acacio Cruz, Gmail site reliability manager, explained that a routine maintenance event Tuesday in one of Google's European data centers caused “unexpected side effects of some new code that tries to keep data geographically close to its owner. The side effects caused another data center in Europe to “become overloaded, and that caused cascading problems from one data center to another.”

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.