Gmail, Yahoo, AOL Also Hit By E-mail Phishing Attacks
On Monday, it was widely reported that hackers gained access to several thousand of Windows Live Hotmail customers' credentials through a possible phishing attack.
The report was confirmed by Microsoft.
But according to the BBC, the list of hacked e-mail addresses referred to on Monday not only contained information from Hotmail accounts, but also from Gmail, Yahoo, AOL, Comcast and EarthLink accounts.
However, the BBC wrote, it was unclear whether the phishing attacks on the various e-mail accounts are part of a single attack or multiple attacks.
The BBC also reported that Google confirmed that less than 500 Gmail accounts were affected by the phishing attacks, but that there may be more lists of compromised data resulting from the attack than previously reported.
A Google spokesperson, responding to Channelweb.com via email, said that the break-in was not a Gmail security breach, but instead was a phishing scheme, and that Google reset the passwords as soon as it became became aware of the issue.
"We recently became aware of a phishing scheme through which hackers gained user credentials for web-based mail accounts including a small number of Gmail accounts. As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts if we become aware of them," the Google spokesperson wrote.
The spokesperson also wrote that Google recommends users follow simple security procedures by only entering their Gmail sign-in credentials to Web addresses starting with https://www.google.com/accounts, and never click-through any warnings about certificates. Google also warns users to be careful when asked to share their personal information, the spokesperson wrote.
For users who cannot access their accounts, they can click here to regain access, the spokesperson wrote.
Pronounced "fishing," phishing is a scam to steal user information such as credit card and social security numbers, IDs and passwords by sending an e-mail to a user that looks as if it came from a trusted person or institution such as a bank or retailer in an attempt to convince the recipient to send in the personal information, which can then be used in identity theft or to access company information.
Microsoft on Monday used its blog to warn users against phishing in general.
"Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their antivirus software," Microsoft wrote.
Microsoft also told victims of a phishing scheme to update their account information and change their password right away, and gave a step-by-step list of things to do if one falls prey to a phishing attack.