Gmail users hit by ViddyHo phishing chat attack

It's not been a good 24 hours for Gmail users. Having survived a blackout yesterday morning, fans of Google's email system have been the target of a phishing campaign spreading via the Google Talk chat system.

Google Talk message telling recipients to visit Viddyho's website

The unsolicited instant messages urge Gmail users to "check out this video" by clicking on a link via the TinyURL service. The link, however, directs users to a website called ViddyHo - which asks surfers to enter their Gmail usernames and passwords.

Viddyho phishing page

This is, of course, a classic attempt to phish credentials from the unwary. The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet.

Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there's a chance that some users may be more likely to fall into the trap.

If you were unfortunate enough to fall for this scam - make sure to change your Gmail password immediately. In fact, also change your passwords on any other site where you might be using the same password as on Gmail.

As some 41% of people use the same password for every website they access, you can understand how letting your credentials fall into the wrong hands could be disastrous.

Potentially, a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence - including information that you may have archived about other online accounts.

The message is simple. You should always be wary of clicking on unsolicited links and be extremely careful whenever a website asks you for a username and password.

TinyURL has now blacklisted the site, meaning that their link will no longer work. However, there is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.