A couple hours ago, I was pinged by a fellow blogger on Google’s GTalk instant message service, telling me to click on an abbreviated URL link that led to a site called “ViddyHo.” This blogger doesn’t normally ping me, and the message was strangely nonspecific — “hey, check out this video: http://tinyurl.com/cmy22l.” So while I clicked on the link, I felt like something was a little off. Then, almost immediately after I clicked, another non-IMing blogger friend pinged me with a very similar link and message.
I got scared and didn’t do what ViddyHo told me to, which was provide the site with my Google username and password — the bloggers who pinged me weren’t so lucky. ViddyHo had grabbed their info in order to spam me.
It’s not clear how many users gave their info to ViddyHo, but Google is now advising that the site is a phishing scam. See the screenshot above that I took at the ViddyHo.com URL. TinyURL, the URL abbreviation service used by the scammer, has also cut it off. I have an email in to Google, asking how many users were affected, how the company plans to stop similar efforts in the future, etc. I’ll update when or if I hear back.
But it’s been a tough day for the company, and I bet they have their hands full. Gmail — a service that many use in conjunction with GTalk — went down around the world.
Hopefully the ViddyHo perp is just a talented yet foolish hacker messing around, and not someone who will violate the Google accounts they’ve just gained access to. Perhaps, as Marshall Kirkpatrick notes on ReadWriteWeb, this person just wanted more pageviews:
The page itself is quite benign looking, though we find it pretty funny that whoever has created the attack has put pageview tracking code from both Google Analytics and Quantcast on it. Impressed much with yourself, you little social engineer you?
Anyway, for everyone who didn’t get hit with this phishing spam, hey, check out this video http://tinyurl.com/bq9vfw.
[Update: This in from a Google spokesperson:
We’ve seen a number of reports from users who’ve received links from instant messages appearing to be from friends that ask them to visit a web site called ViddyHo.com and subsequently enter their Google Talk or Gmail username and password. This is a phishing attempt, and we encourage users to be very careful when asked to share their personal information.
We have blocked the addresses being used to send these messages, and users of Firefox, Safari, and Google Chrome will receive a phishing warning when trying to visit the ViddyHo.com site. We have also identified Viddyho.com in our search results as a phishing site.
If you have entered your username and password at Viddyho.com, please make sure to change your Google Account password and update your security question for account security. To learn how, see our Help Center article on changing your password.
Also, The Crimson (the independent student newspaper at Harvard University) believes it has tracked the culprit down. More here.]