Gmail users hit by ViddyHo phishing chat attack

Graham Cluley

It’s not been a good 24 hours for Gmail users. Having survived a blackout yesterday morning, fans of Google’s email system have been the target of a phishing campaign spreading via the Google Talk chat system.

Google Talk message telling recipients to visit Viddyho's website

The unsolicited instant messages urge Gmail users to “check out this video” by clicking on a link via the TinyURL service. The link, however, directs users to a website called ViddyHo – which asks surfers to enter their Gmail usernames and passwords.

Viddyho phishing page


This is, of course, a classic attempt to phish credentials from the unwary. The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet.

Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there’s a chance that some users may be more likely to fall into the trap.

If you were unfortunate enough to fall for this scam – make sure to change your Gmail password immediately. In fact, also change your passwords on any other site where you might be using the same password as on Gmail.

As some 41% of people use the same password for every website they access, you can understand how letting your credentials fall into the wrong hands could be disastrous.

Potentially a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence – including information that you may have archived about other online accounts.

The message is simple. You should always be wary of clicking on unsolicited links and be extremely careful whenever a website asks you for a username and password.

TinyURL has now blacklisted the site, meaning that their link will no longer work. However, there is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
