Gmail users targeted in scam attacks

Click to follow
The Independent Tech

Scammers have set their sights on Google's Gmail email service after revelations of widespread attacks on Microsoft's Hotmail yesterday.

Google has confirmed that the popular messaging service is the latest victim, and that it too was a phishing scam - which uses fake websites to trick internet users into revealing personal details.



Over 30,000 users of Hotmail, Yahoo and AOL have been affected, but Google says less than 500 of its Gmail users were victims of the scam.



"As soon as we learned of the attack, we forced password resets on the affected accounts," a Google spokesperson said. "We will continue to force password resets on additional accounts when we become aware of them."



It stressed that it was a phishing scam which tricked users into giving away their own passwords, not an internal systems failure, that led to the problem.



Google had the following advice for Gmail users who fear they've been one of the scammer's victims.

"At the same time we encourage users to be very careful when asked to share their personal information. If you suspect that your account has been compromised, we encourage you to immediately change your password and be confirm your secondary email address is still valid (both are accessible in your Google Account settings). If you can no longer sign into your account, you can regain access by answering security questions here.



News of the first Hotmail attacks - which also targeted users of msn and Windows Live - spread after website Neowin.net reported on a 10,000 strong list of usernames and passwords was found online.



The site said the list which ran alphabetically from usernames A to B was posted on pastebin.com, a site where developers post snippets of programming code.



"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," Microsoft said in a statement after the attack was revealed.



"We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts," the software giant continued.



"Once the attackers gain user credentials, they can easily access and modify the affected accounts as they desire," said the spokesperson, "this may include changing a user's contact list, altering the inbox, or even deleting the account."

"To keep your Google account secure online, we recommend you only ever enter your Gmail sign-in credentials to web addresses starting with https://www.google.com/accounts and never click-through any warnings your browser may raise about certificates. We also provide the option to run Gmail sessions using https and strongly encourage users to update their secondary email address and SMS recovery option in case their account is compromised

Source: NZ Herald

Comments