Google and Yahoo! have joined a growing roster of Web-based email service providers with users duped by hackers into betraying passwords to accounts.
A day after Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online, the list of victims was growing to include users of an array of email services.
In an email to SBS, Google Australia said this wasn’t a breach of Gmail’s security system.
“This is not a breach of Gmail security, but rather a scam to get users to give away their personal information to hackers. Once the attackers gain user credentials, they can easily access and modify the affected accounts as they desire. This may include changing a user’s contact list, altering the inbox, or even deleting the account”.
Google Austrlaia would not comment on how many accounts had been tampered with and weren’t able to provide anyone for comment.
“We recently became aware of a phishing scheme through which hackers gained user credentials for Web-based mail accounts including a small number of Gmail accounts,” Google said in its statement.
Cyber-crooks evidently used “phishing” tactics to trick users of free Web-based email service into revealing account and access information.
“We are aware that a limited number of Yahoo! IDs may have been made public,” Yahoo! said in a statement. “Online scams and phishing attacks are an ongoing and industry-wide issue.”
In an email to SBS, Google Australia recommends only entering your sign-in credentials at the sign in stage only.
“To keep your Google account secure online, we recommend you only ever enter your Gmail sign-in credentials to web addresses starting with 上海性息,www.google.com/accounts, and never click-through any warnings your browser may raise about certificates”.
Time Warner subsidiary AOL, in response to an AFP inquiry, said it is “closely monitoring the situation.”
“Our guidance to users is to keep your wits about you: do not click on live links, or insert any details into input fields in emails, pop-ups or Web pages if you are not sure where they come from.”
Microsoft said Monday that it learned of the latest problem during the weekend after Hotmail account information of “several thousand” users, many of them reportedly in Europe, was posted at a website.
The unconfirmed list of Hotmail accounts compromised by “phishing” has grown into the tens of thousands.
“We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website,” Microsoft said. “We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.”
Phishing is an Internet bane and involves using what hackers refer to as “social engineering” to trick people into revealing information online or downloading malicious software onto computers.
What is phishing?
Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites.
Microsoft, Google, and Yahoo! stressed that hackers did not breach their databases, but rather email users were conned into revealing information.
“Phishing is an industry-wide problem… exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software,” Microsoft said.
Google advises Gmail users not to “click through” on warnings browsers may raise about certificates nor sign in at Web addresses that don’t start with google.com/accounts.
Web-based email users who suspect their accounts have been compromised should change passwords and check to make certain any secondary email or texting options in accounts have not been changed.
“We encourage users to be very careful when asked to share their personal information,” Google said.
The email service providers urged people to visit pages at their websites with advice and tools for protecting accounts.