Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Google instant messaging targeted by phishers

Sophos : 26 February, 2009  (Technical Article)
Sophos warns Google users of phishing campaign propagated through GoogleMail instant messaging service with the distribution of messages inviting users to click on a URL which takes passwords
IT security and control firm Sophos is warning Gmail users to be on their guard against phishing attacks following news that the email system has been the target of a campaign that spread via the Google Talk instant messaging chat system.

Samples intercepted by SophosLabs reveal that the unsolicited instant messages urge users to 'check out this video' by clicking on a link via the TinyURL service. The link, however, directs users to a website called ViddyHo - which asks surfers to enter their Gmail usernames and passwords. Sophos experts warn that the hackers behind ViddyHo could then use the details they have stolen to break into accounts, steal sensitive information and commit identity theft.

'We're all used to receiving suspicious communications via email, but these attacks arrived via the instant chat system built into Gmail. As a result, more users may fall unwittingly into the trap,' said Graham Cluley, senior technology consultant at Sophos. 'If you think you might have been duped, make sure you change your Gmail password immediately otherwise your entire address book and all your correspondence, including information that you may have archived about other online accounts, will quickly become rich pickings for the hackers.'

Sophos research shows that 41 percent of computer users have the same password for every website they access. It is therefore crucial for victims of this attack to change their passwords on any site where they are using the same password as on Gmail.

'The message is simple. You should always be wary of clicking on unsolicited links whether received over email or IM, and be extremely careful whenever a website asks you to enter your username and password for another site,' continued Cluley.

TinyURL has now blacklisted the site, meaning that the link will no longer work. However, there is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo