Google’s Gmail has become the target of an industry-wide phishing scam. Phishing is when hackers create fake websites in an attempt to get voluntary information like e-mail or bank account passwords. Although this particular phishing scheme originally targeted Hotmail accounts, BBC News has seen lists detailing more that 30,000 Gmail accounts that have been hacked into and posted online.
A Google spokesperson stated “We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts. As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.” The company spokesperson stressed the fact that the attack was “not a breach of Gmail security.”
Google discovered the scam after a list of 20,000 victims emerged containing Hotmail, Aol, Yahoo, and Gmail accounts. Though some of the accounts are unused or fake, it has been confirmed that several of the accounts are real and are in use daily. A spokesperson for Microsoft stated that phishing was an “industry-wide problem.” A Yahoo spokesman urged customers to “take measures to secure their accounts whenever possible, including changing their passwords.”
The biggest risk according to a study by Sophos Security firm, was the fact that 40% of people use their e-mail passwords for every other website they have an account with, making hacking almost easy. Carole Theriault, a Sophos employee, told BBC News “Getting access to one password can give someone access to lots of things. People need to see a difference between an online bank account and booking cinema tickets online.” It is important for computer users to install and continually download updates for their security systems to help protect against scams like these. Users should also be wary of the links given to them in e-mails from people they don’t know and even the ones they do.
(Via BBC News)