Welcome to WebmasterWorld Guest from 54.196.214.35

Forum Moderators: open

Message Too Old, No Replies

Phishing Scam Hits Google Mail Users

     
3:12 pm on Feb 25, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22318
votes: 240


Phishing Scam Hits Google Mail Users [bits.blogs.nytimes.com]
Now its chat service appears to be the conduit for a rapidly spreading phishing scam.

Gmail users who are logged into the accompanying chat service Google Chat, as most are, have been getting messages that appear to be from friends, urging them to click on a Web address starting with tinyurl.com that takes them to a site called ViddyHo. The site asks for the personís Gmail log-in information and then hijacks the account, sending out chat messages to all of the userís contacts and spreading itself further.

3:19 pm on Feb 25, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 20, 2008
posts:673
votes: 0


same thing that happened with paypal; if you don't know yet, don't sign into google in a domain not owned by google.

although google owns so many properties it may be hard for someone to know what is owned by google. like i sign into youtube with my google credentials all the time. i'm not sure if feedburner offers the same thing;

another problem could arise if you are invited to join a site through google friend connect; they may have a fake widget embedded to lead you to sign in with your google credentials; and blau! phished!

5:39 pm on Feb 25, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 27, 2001
posts: 12166
votes: 51


Urging them to click on a Web address starting with tinyurl.com

That is the root of all evil if you ask me. Anything behind a shortened URI cannot be trusted. These types of services are on their way out.

What a mess! I've been urging others to also not follow shortened URIs if they are not absolutely sure of its creator. And even then, that third party middle man makes the hair on me neck stand up.

I think this can be seen as killing two birds with one stone. First the Google phish and then the reputation/trust hit on TinyURL. Which was the prime target? Google? Or TinyURL? ;)

7:15 pm on Feb 25, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2005
posts:2259
votes: 0


don't sign into google in a domain not owned by google

That sounds like basic common sense but it's amazing how many people do. It's sites like facebook that wear down people's caution - people seem largely happy to provide their login details at places like facebook. Where then do you draw the line?
2:10 pm on Feb 26, 2009 (gmt 0)

Full Member

5+ Year Member

joined:Jan 17, 2007
posts:306
votes: 0


Lots of wolfs out there and no shortage of little girls with red hoods.

Scams like this will never go away. It's just a matter of educating people on how to spot them.

2:12 pm on Feb 26, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:6160
votes: 284


You wonder where brains are stored. These kind of scams don't work when ... heck I'm preachin' to the choir!
7:52 pm on Mar 2, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 27, 2001
posts: 12166
votes: 51


These kind of scams don't work.

Unfortunately they do to some degree when first exploited. As I alluded to above, I think there are other things at play here. For me, I am now leery of clicking on links that are converted through a URI shortening service. I'll follow them on Twitter because I'm trusting the creator in that instance. But I would NEVER follow one that I couldn't determine the destination and/or the source.

Do you think people are still going to follow those TinyURL links so freely now? As this becomes more and more "in the wild" as they say, you might think that industry has a short life span right now. Anything that interferes with the click to the destination is at risk of being retired to the marketing graveyard. ;)