Gmail users were hit with a double whammy Tuesday.
Only hours after Google Inc. fixed a two-and-a-half hour Gmail outage , users of the hosted e-mail service 's instant messaging tool were slammed with a phishing attack. Graham Cluley , a senior technology consultant with the UK-based security firm Sophos, wrote in a blog post Wednesday that the attack spread through the Gmail's Google Talk chat system.
The attackers sent Gmail users an instant message with no more of a lure than the message "check out this video" and a link from the TinyURL service, according to Cluley. The link, which is no longer working, took users to a website called ViddyHo that asked surfers to enter their Gmail usernames and passwords.
Cluley noted that TinyURL has blacklisted the phishers' site so that its no longer operational.
"The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet," wrote Cluley. "Potentially, a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence, including information that you may have archived about other online accounts."
A Google spokesman noted in an email to Computerworld that the company has received "a number of reports" about the phishing attack from users. "We have blocked the addresses being used to send these messages, and users of Firefox, Safari, and Google Chrome will receive a phishing warning when trying to visit the ViddyHo.com site. We have also identified Viddyho.com in our search results as a phishing site," he said. "We encourage users to be very careful when asked to share their personal information."
The security consultant noted that people are often more susceptible to phishing or malware attacks that are spread via instant message than those that spread through email. People simply are more accustomed to being wary of email, leaving themselves vulnerable to other forms of attacks.
"If you were unfortunate enough to fall for this scam, make sure to change your Gmail password immediately. In fact, also change your passwords on any other site where you might be using the same password as on Gmail," said Cluley.
The Google spokesman added that users also should update their Gmail security questionnaire.
Prior to the phishing attack Tuesday, Google engineers had worked to get Gmail back up on its feet after a two-and-a-half-hour outage that kept some users from accessing their e-mail entirely and forced others to wait a minute or more for their email to open.
Acacio Cruz, Google's Gmail site reliability manager, wrote in a Google blog post Tuesday that the company's engineers are still trying to pinpoint the cause of Tuesday's outage. "We know that for many of you, this disrupted your working day," he added. "We're really sorry about this, and we did do everything to restore access as soon as we could. Our priority was to get you back up and running."
The Gmail outage comes just a week after Google acknowledged that some users had experienced problems getting results from Google News searches over a span of more than 14 hours last Wednesday. Some users reported that they weren't getting any results when they were searching for keywords, such as Microsoft or even Google, in Google News. Other users reported that entire news sections, such as Science/Technology, were coming up empty of any stories.
And last December, Google confirmed that there was a technical problem with Google Talk and the Web-based Gmail chat system. One day early in the month, messages created by a "subset" of users were left unsent because of glitches in the messaging system, according to Google spokesman Andrew Kovacs .
This story, "Gmail's One-Two Punch: Phishers Attack After Outage" was originally published by Computerworld.