Advertisement

Security News

Gmail, Yahoo, AOL Also Hit By E-mail Phishing Attacks

Joseph F. Kovar
phishing

On Monday, it was widely reported that hackers gained access to several thousand of Windows Live Hotmail customers' credentials through a possible phishing attack.

The report was confirmed by Microsoft.

But according to the BBC, the list of hacked e-mail addresses referred to on Monday not only contained information from Hotmail accounts, but also from Gmail, Yahoo, AOL, Comcast and EarthLink accounts.

However, the BBC wrote, it was unclear whether the phishing attacks on the various e-mail accounts are part of a single attack or multiple attacks.

The BBC also reported that Google confirmed that less than 500 Gmail accounts were affected by the phishing attacks, but that there may be more lists of compromised data resulting from the attack than previously reported.

A Google spokesperson, responding to Channelweb.com via email, said that the break-in was not a Gmail security breach, but instead was a phishing scheme, and that Google reset the passwords as soon as it became became aware of the issue.

"We recently became aware of a phishing scheme through which hackers gained user credentials for web-based mail accounts including a small number of Gmail accounts. As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts if we become aware of them," the Google spokesperson wrote.

The spokesperson also wrote that Google recommends users follow simple security procedures by only entering their Gmail sign-in credentials to Web addresses starting with https://www.google.com/accounts, and never click-through any warnings about certificates. Google also warns users to be careful when asked to share their personal information, the spokesperson wrote.

For users who cannot access their accounts, they can click here to regain access, the spokesperson wrote.

Pronounced "fishing," phishing is a scam to steal user information such as credit card and social security numbers, IDs and passwords by sending an e-mail to a user that looks as if it came from a trusted person or institution such as a bank or retailer in an attempt to convince the recipient to send in the personal information, which can then be used in identity theft or to access company information.

Microsoft on Monday used its blog to warn users against phishing in general.

"Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their antivirus software," Microsoft wrote.

Microsoft also told victims of a phishing scheme to update their account information and change their password right away, and gave a step-by-step list of things to do if one falls prey to a phishing attack.

Joseph F. Kovar

Joseph F. Kovar is a senior editor and reporter for the storage and the non-tech-focused channel beats for CRN. He keeps readers abreast of the latest issues related to such areas as data life-cycle, business continuity and disaster recovery, and data centers, along with related services and software, while highlighting some of the key trends that impact the IT channel overall. He can be reached at jkovar@thechannelcompany.com.

Advertisement
Advertisement
Advertisement
Sponsored Post
Advertisement
Advertisement