Hackers Use Gmail IM Service to Steal Login Details

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Hackers are sending phishing emails to Gmail users via the Google Talk instant messaging system, Sophos has revealed.

The security firm said Gmail users were receiving unsolicited instant messages that urged them to view a video by clicking a TinyURL link.

However, the hoax link navigates to a website called ViddyHo, where web users are asked to enter their Gmail username and password.

"We're all used to receiving suspicious communications via email, but these attacks arrived via the instant chat system built into Gmail. As a result, more users may fall unwittingly into the trap," said Graham Cluley, senior technology consultant at Sophos.

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Research by Sophos revealed that 41 percent of web users have the same password for every site they visit. It is because of this Sophos is urging any victims of the hoax site to change the passwords on any site that shares the same log-in details as their Gmail account.

"If you think you might have been duped, make sure you change your Gmail password immediately otherwise your entire address book and all your correspondence, including information that you may have archived about other online accounts, will quickly become rich pickings for the hackers."

TinyURL has now blacklisted the site, so the link will no longer work. However, Sophos warned that there is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites.

"The message is simple. You should always be wary of clicking on unsolicited links whether received over email or IM, and be extremely careful whenever a website asks you to enter your username and password for another site," added Cluley.

Gmail suffered a two-hour outage yesterday, which prevented a number of users of Google's webmail service accessing their accounts.

See also: Jack Straw's Hotmail account used to send hoax emails.

This story, "Hackers Use Gmail IM Service to Steal Login Details" was originally published by PC Advisor (UK).

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon