Many users of Google’s email service were victims of a massive phishing attack just hours after the email service suffered a major outage.
The Google Talk instant messaging chat system began inviting users to view a video by clicking on a link that passed through the TinyURL service.
Users who clicked the link were taken to a website called ViddyHo, which invited users to submit their Gmail usernames and passwords.
Such attacks, known as “phishing,” prompt users to enter their login credentials, which are then stolen and used for a variety of crimes including impersonation, identity theft or sending spam.
Authorities have still not pinpointed the motive for the attack.
San Francisco police are searching for a man who reportedly registered the ViddyHo domain under the name Cam-Hoan Ton-That.
The phishing attack victims were urged to change their passwords before their webmail accounts could be compromised.
Since the discovery, TinyURL has blacklisted the site, but victims of the phishing attack are still vulnerable to email takeovers until they update their account information.
Graham Cluley, senior technology consultant at Sophos, said: “If you think you might have been duped, make sure you change your Gmail password immediately, otherwise your entire address book and all your correspondence, including information that you may have archived about other online accounts, will quickly become rich pickings for the hackers.”
Cluley warned of the likelihood of an attack since the prompts came via the instant chat system built into Gmail rather than directly through the email service.
Security experts have stressed the importance of using a different password for each online account for better protection against hackers.
Some 41 percent of web surfers use the same password for every website they access, creating a much bigger problem in the event of any password compromise, according to research from Sophos.
Based on a report by The Register