Gmail chat invaded by phishing scam

Chat “buddies” send links to URLs that infect other machines

Google’s e-mail service has been invaded by a phishing scam that is using instant messaging to dupe unsuspecting users into giving up their passwords.

Once users’ Gmail chats are hacked, the phishers take over users’ chat accounts and send out messages to other users purportedly linking to a “funny video.”  When users click on the link, they are directed to a Website called “ViddyHo,” where they are prompted to enter in their Gmail names and passwords.  The Website then steals users’ account information and uses their chat accounts to send out more messages.

Blogger Nathan Burke looked up domain name information for viddyho.com and discovered that the Website has only been in existence for the past week.  He also notes that viddyho.com is targeting several different chat protocols besides Gmail, including AOL Instant Messenger, ICQ, Yahoo! Messenger, MSN Messenger and MySpace.

The Gmail phishing scam first broke out just hours after Google’s Gmail experienced a significant service outage this morning.  It is unknown at this point whether the outage is connected to the phishing scam.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Google’s e-mail service has been invaded by a phishing scam that is using instant messaging to dupe unsuspecting users into giving up their passwords.

Once users’ Gmail chats are hacked, the phishers take over users’ chat accounts and send out messages to other users purportedly linking to a “funny video.”  When users click on the link, they are directed to a Website called “ViddyHo,” where they are prompted to enter in their Gmail names and passwords.  The Website then steals users’ account information and uses their chat accounts to send out more messages.

Blogger Nathan Burke looked up domain name information for viddyho.com and discovered that the Website has only been in existence for the past week.  He also notes that viddyho.com is targeting several different chat protocols besides Gmail, including AOL Instant Messenger, ICQ, Yahoo! Messenger, MSN Messenger and MySpace.

The Gmail phishing scam first broke out just hours after Google’s Gmail experienced a significant service outage this morning.  It is unknown at this point whether the outage is connected to the phishing scam.

Read more about security in Network World's Security section.