Google Talk users hit by phishers

Share this article:

Google said Wednesday it has reigned in a new phishing scam in which attackers were trying to steal usernames and passwords through the company's instant messenger program.

The phishing message arrived as an unsolicited Google Talk message and contained a TinyURL link to a site called “ViddyHo," which asked potential victims to login with their Google Talk or Gmail credentials.

“Potentially a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts,” wrote Sophos' senior technology consultant Graham Cluley in a blog post. “Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there's a chance that some users may be more likely to fall into the trap."

Google has taken steps to address the problem. A spokesman said Wednesday that Google has blocked the IP addresses delivering the messages, and most internet users will receive a phishing warning when trying to visit the ViddyHo[dot]com site.

"We encourage users to be very careful when asked to share their personal information,” the spokesman told SCMagazineUS.com in an email Wednesday.

In addition, TinyURL has blacklisted the phishers' site, Cluley said.

But Cluley said in his blog: “There is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.”

This is the second black eye for Google this week. In the pre-dawn hours EST on Tuesday morning, millions of users worldwide were unable to access their Gmail accounts for 2 1/2 hours.

blog entry posted by Acacio Cruz, Gmail site reliability manager, explained that a routine maintenance event Tuesday in one of Google's European data centers caused “unexpected side effects of some new code that tries to keep data geographically close to its owner. The side effects caused another data center in Europe to “become overloaded, and that caused cascading problems from one data center to another.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.