Welcome to WebmasterWorld Guest from 54.145.221.99

Forum Moderators: open

Message Too Old, No Replies

Phishing Scam Hits Google Mail Users

   
3:12 pm on Feb 25, 2009 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Phishing Scam Hits Google Mail Users [bits.blogs.nytimes.com]
Now its chat service appears to be the conduit for a rapidly spreading phishing scam.

Gmail users who are logged into the accompanying chat service Google Chat, as most are, have been getting messages that appear to be from friends, urging them to click on a Web address starting with tinyurl.com that takes them to a site called ViddyHo. The site asks for the personís Gmail log-in information and then hijacks the account, sending out chat messages to all of the userís contacts and spreading itself further.

3:19 pm on Feb 25, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



same thing that happened with paypal; if you don't know yet, don't sign into google in a domain not owned by google.

although google owns so many properties it may be hard for someone to know what is owned by google. like i sign into youtube with my google credentials all the time. i'm not sure if feedburner offers the same thing;

another problem could arise if you are invited to join a site through google friend connect; they may have a fake widget embedded to lead you to sign in with your google credentials; and blau! phished!

5:39 pm on Feb 25, 2009 (gmt 0)

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Urging them to click on a Web address starting with tinyurl.com

That is the root of all evil if you ask me. Anything behind a shortened URI cannot be trusted. These types of services are on their way out.

What a mess! I've been urging others to also not follow shortened URIs if they are not absolutely sure of its creator. And even then, that third party middle man makes the hair on me neck stand up.

I think this can be seen as killing two birds with one stone. First the Google phish and then the reputation/trust hit on TinyURL. Which was the prime target? Google? Or TinyURL? ;)

7:15 pm on Feb 25, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



don't sign into google in a domain not owned by google

That sounds like basic common sense but it's amazing how many people do. It's sites like facebook that wear down people's caution - people seem largely happy to provide their login details at places like facebook. Where then do you draw the line?
2:10 pm on Feb 26, 2009 (gmt 0)

5+ Year Member



Lots of wolfs out there and no shortage of little girls with red hoods.

Scams like this will never go away. It's just a matter of educating people on how to spot them.

2:12 pm on Feb 26, 2009 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



You wonder where brains are stored. These kind of scams don't work when ... heck I'm preachin' to the choir!
7:52 pm on Mar 2, 2009 (gmt 0)

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member



These kind of scams don't work.

Unfortunately they do to some degree when first exploited. As I alluded to above, I think there are other things at play here. For me, I am now leery of clicking on links that are converted through a URI shortening service. I'll follow them on Twitter because I'm trusting the creator in that instance. But I would NEVER follow one that I couldn't determine the destination and/or the source.

Do you think people are still going to follow those TinyURL links so freely now? As this becomes more and more "in the wild" as they say, you might think that industry has a short life span right now. Anything that interferes with the click to the destination is at risk of being retired to the marketing graveyard. ;)