Google Gmail service hit by "phishing" scam
Google’s web-based email service, Gmail, has been hit by a phishing attack, just hours after a system outage left millions of users unable to send and receive emails.
By Claudine Beaumont
The scam targeted the Google Talk instant-message service, which is built in to Gmail. People targeted by the scam received an instant message that appeared to come from a friend or legitimate contact. The message contained a web link, which re-directed users to a website called ViddyHo.com, and which prompted them to re-enter their Gmail usernames and passwords. Those who did enter their login details then found that their accounts had been used to spread the fake instant message and link to everyone in their online contacts list.
Web security experts at Sophos warned that the phishing scam could enable the hackers behind ViddyHo to use these login credentials to access accounts and steal information, perhaps with a view to committing identity theft.
“We’re all used to receiving suspicious communications via email, but these attacks arrived via the instant chat system built into Gmail,” said Graham Cluley, a senior technology consultant at Sophos. “As a result, more users may fall unwittingly into the trap. If you think you might have been duped, make sure you change your Gmail password immediately, otherwise your entire address book and all your correspondence – including information that you may have archived about other online accounts – will quickly become rich pickings for the hackers.”
Google has attempted to nullify the phishing attack by adding the ViddyHo.com website to its blacklist, blocking the instant messages, and marking the site as a possible source of malicious software in its Google search results list. Many popular web browsers, including Firefox, Safari and Google Chrome, also alert users to the fact that ViddyHo.com cannot be trusted as a safe site.
Sophos estimates that more than 40 per cent of internet surfers use the same password for every website they access. The company warns it is therefore crucial to change passwords immediately if there is any possibility that the security of an account has been compromised.
“The message is simple. You should always be wary of clicking on unsolicited links whether received over email or instant message, and be extremely careful whenever a website asks you to enter your username and password for another site,” said Cluley.
The phishing scam caps a bad 24 hours for Google. Its web-based email service, Gmail, crashed at around 9.30am GMT on Tuesday morning, leaving users throughout the UK and across Europe unable to access their accounts. The outage also affected Gmail users in Australia, India and America.
Some users were still able to access the service using third-party mail programs, or via their mobile phones, but those hoping to log on to Gmail via the web were met with a page error.
Although the service was restored after two and a half hours, Google did not confirm what had caused the system failure. Acacio Cruz, site reliability manager for Gmail, apologised for the downtime, and said the company had done everything possible to restore the service as quickly as possible.
“We know that for many of you, this disrupted your working day,” wrote Mr Cruz on the official Google blog. “We’re really sorry about this, and we did do everything to restore access as soon as we could. Our priority was to get you back up and running. Our engineers are still investigating the root cause of the problem.”
The Gmail outage is not the first technical problem to affect Google users in recent weeks. Last month, Google blamed “human error” for a glitch in its web system that resulted in the Google search engine flagging up every website as a potential source of viruses and malicious software.