Google Talk users hit by phishers

Share this article:

Google said Wednesday it has reigned in a new phishing scam in which attackers were trying to steal usernames and passwords through the company's instant messenger program.

The phishing message arrived as an unsolicited Google Talk message and contained a TinyURL link to a site called “ViddyHo," which asked potential victims to login with their Google Talk or Gmail credentials.

“Potentially a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts,” wrote Sophos' senior technology consultant Graham Cluley in a blog post. “Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there's a chance that some users may be more likely to fall into the trap."

Google has taken steps to address the problem. A spokesman said Wednesday that Google has blocked the IP addresses delivering the messages, and most internet users will receive a phishing warning when trying to visit the ViddyHo[dot]com site.

"We encourage users to be very careful when asked to share their personal information,” the spokesman told SCMagazineUS.com in an email Wednesday.

In addition, TinyURL has blacklisted the phishers' site, Cluley said.

But Cluley said in his blog: “There is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.”

This is the second black eye for Google this week. In the pre-dawn hours EST on Tuesday morning, millions of users worldwide were unable to access their Gmail accounts for 2 1/2 hours.

blog entry posted by Acacio Cruz, Gmail site reliability manager, explained that a routine maintenance event Tuesday in one of Google's European data centers caused “unexpected side effects of some new code that tries to keep data geographically close to its owner. The side effects caused another data center in Europe to “become overloaded, and that caused cascading problems from one data center to another.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Pirate Bay co-founder found guilty for hacking IT service provider

Gottfrid Svartholm Warg was found guilty of hacking an IT service provider in Denmark. This is his second court case for illegally accessing data.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 ...

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.