Just a while back i got an Instant Message from one of my colleagues who hardly ever chats with me. Surprisingly it was a Tinyurl link which said something like – “LoL! Check out for this funny video “, which was so unlike him to send an URL of a funny video. But still i went ahead and clicked on it and i was taken to a website – Viddyho.com (I am not linking to it – no way) which asked me to login to GTalk by entering my GMail username and password in the space provided!

viddyho-gtalk-phishing

Obviously it looked fishy (phishy). Why would anyone needs to login to GTalk to watch a funny video? Good try buddy, but I am not someone who would fall for it! But I am not sure how many have fallen for it. One of them of-course was my friend who had promptly logged on using his GTalk user-id and password. Once he did, it smartly sent IMs to all his contacts with tinyurls pointing to viddyho.com. It might just be a prank or an actual phishing link. I am not too sure about it right now. But I would surely update this post soon. Keep plugged in.


Update:
@Mashable tweets to all their followers on twitter about Viddyho being a scam site. Still no clarity on if its a phishing link or not.

Update2:
Lot of people confirming about this and now asking for a solution. If you have fallen PREY, just change your password RIGHT NOW. if you are on Firefox, clear your cache and cookies and restart your Browser. More updates soon.

Update3:
My small VPS was not able to handle so many concurrent users. Sorry for any downtime. Blogstring confirms that Viddyho is indeed part of a phishing network with similar phishing hooks for Myspace, MSN messenger, ICQ etc.

Image updated & Credit: NyTimes

 
Founder-Editor

Raju is the founder-editor of Technology Personalized. A proud geek and an Internet freak, who is also a social networking enthusiast. You can follow him on Facebook and on Twitter. Mail Raju PP. Follow rajupp

 
 
  • iamurdestiny

    Got msgs like this from few folks…..i thght, “Why wld anyone sign-up into a website with his / her gmail id and password to watch a VIDEO?”.

    Definitely a phishing site!!

    BEWARE

  • Kaushal

    Hey, I too got that but I of course did not enter my precious password over there :) People should at least change their password after such foolishness. I’m glad that such phishing sites don’t take the passwords from our stored cookie sessions.

  • Jimish

    Surely, Its happening… I have atleast got 5-6 of them in last 1 hour… Luckily, I did not give my id/password…

  • VS

    omg! please post a solution to this. like your friend, i unsuspectingly did the same thing and it proceeded to send all my contacts that crazy message. i change my password and i’m hoping that solves the problem. would love to see if there are more steps needed to fix this. thanks!!

    • http://techpp.com Raju

      @VS,
      Change your password right NOW. If you are on Firefox, clear your cache and cookies.

  • http://www.energycircle.com Tim

    I just had someone tinyurl me the same link over iChat. Some long viddyho.com url slash a bunch of stuff. It took forever to load, so I closed the tab.

    I IM’d him back asking what it was, and he told me he got some kind of virus on his iChat client. He appears to keep going online/offline, but hasn’t sent me anything since.

    Hoping I’m not at risk because the page never loaded.

    Tims last blog post..*Energy Star* Sofas

  • http://Silona.org Silona

    SCAM! Because it happened to me and @ekai as well.

    don’t give away those gmail passwords peeps!!!

  • atta boy

    It happened to me too. I received a video message in gtalk from someone I have not chatted with in 3-4 years. Even if it had been from a friend, none of them are retarded enough to start a message with ‘lol’. I did a preview.tinyurl.com and saw it linked to some viddyho website. Nice try, @$$holes! I am not falling for it. Though I received a couple more of those links so some people are buying it. If this spreads, tinyurl.com will be pariah-ed , and I feel sad for that.

  • ADD

    you might add to the article: dON’t Ever eVer put your password into a site that is not the site where you created it.

    it’s like sharing needles or sleeping around – at some point it’ll catch up with you

  • http://www.softwaretestinggenius.com Yogindernath

    I think we should see the complete URL first before entering our credentials.. I really dont understand how people take it so lightly..

    Yogindernaths last blog post..How to Data Drive a Test Script using IBM – RFT?

  • latestnightowl

    If you clicked on the click but didn’t enter any info, are there any precautions to take? I guess I clicked on the tinyurl link during the peak of the storm because the viddyho website was down (servers were busy), although I definitely wouldn’t have been silly enough to fork over my password…

    • http://techpp.com Raju

      @latestnightowl,
      I did the same thing and I didn’t want to risk my gmail account at any cost. Just changed my password.

  • Ross Craig

    We are told all the time not to click on links in emails, but on Twitter it is flooded with TinyUrl, are they any safer, NO.

    I never got this in my gtalk, but I did see this somewhere else though, I never did click on the link.

    • http://techpp.com Raju

      @Ross,
      Valid points mate!

  • Jenny

    These points are definitely valid and we should not take it lightly..

  • Jagadish Aahir

    very very nice service.pleae help our non profit organition to prevent cyber crime.thanks