Feeds

Gmail phishing attack hits on heels of outage

Oh the humanity

Choosing a cloud hosting partner with confidence

Gmail users, still swooning from the extended outage on Tuesday, were hit with a widespread phishing attack hours after the blackout.

The malicious message spread via the Google Talk instant messaging chat system, urging users to a video by clicking on a link connected via the TinyURL service. The link points to a website called ViddyHo, which invited users to submit their Gmail usernames and passwords.

Once extracted from marks these login credentials could be used for a variety of malign purposes ranging from impersonation to identity theft, or simply for sending spam. The motive for the attack is unclear.

A San Francisco-based man who reportedly registered the ViddyHo domain, Cam-Hoan Ton-That, may be able to supply some answers, but is yet to be tracked down.

Victims were urged to change their passwords before hackers have a chance to abuse their webmail account.

TinyURL has blacklisted the site, rendering the attack inert, but that action is too late for those duped by the ruse, who now need to act quickly.

"If you think you might have been duped, make sure you change your Gmail password immediately otherwise your entire address book and all your correspondence, including information that you may have archived about other online accounts, will quickly become rich pickings for the hackers," warned Graham Cluley, senior technology consultant at Sophos.

Cluley added that the attack was more plausible because malign messages came via the instant chat system built into Gmail rather than by email directly.

The incident illustrates the importance of using different passwords for multiple online accounts. Recent research by Sophos found that two in five (41 per cent) of surfers use the same password for every website they access, creating a much bigger problem in the event of any password compromise.

More details of the attack, including screenshots, can be found in a blog posting by Cluley here. ®

Beginner's guide to SSL certificates

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.