Google Talk users hit by phishers

Share this article:

Google said Wednesday it has reigned in a new phishing scam in which attackers were trying to steal usernames and passwords through the company's instant messenger program.

The phishing message arrived as an unsolicited Google Talk message and contained a TinyURL link to a site called “ViddyHo," which asked potential victims to login with their Google Talk or Gmail credentials.

“Potentially a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts,” wrote Sophos' senior technology consultant Graham Cluley in a blog post. “Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there's a chance that some users may be more likely to fall into the trap."

Google has taken steps to address the problem. A spokesman said Wednesday that Google has blocked the IP addresses delivering the messages, and most internet users will receive a phishing warning when trying to visit the ViddyHo[dot]com site.

"We encourage users to be very careful when asked to share their personal information,” the spokesman told in an email Wednesday.

In addition, TinyURL has blacklisted the phishers' site, Cluley said.

But Cluley said in his blog: “There is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.”

This is the second black eye for Google this week. In the pre-dawn hours EST on Tuesday morning, millions of users worldwide were unable to access their Gmail accounts for 2 1/2 hours.

blog entry posted by Acacio Cruz, Gmail site reliability manager, explained that a routine maintenance event Tuesday in one of Google's European data centers caused “unexpected side effects of some new code that tries to keep data geographically close to its owner. The side effects caused another data center in Europe to “become overloaded, and that caused cascading problems from one data center to another.”

Share this article:

Sign up to our newsletters

More in News

Study shows how attackers make use of websites existing for less than 24 hours

Study shows how attackers make use of websites ...

Looking at the top 50 of parent domains that produced websites existing for less than 24 hours, researchers with Blue Coat Security Labs observed that 22 percent were malicious.

Phishing campaign lures victims with models' photos

Two nude models' photos reeled in unsuspecting victims who handed over their Facebook logins to gain access to adult material.

IBM projects 2014 bug disclosures may hit three-year low

IBM projects 2014 bug disclosures may hit three-year ...

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.