Just a while back i got an Instant Message from one of my colleagues who hardly ever chats with me. Surprisingly it was a Tinyurl link which said something like – “LoL! Check out for this funny video “, which was so unlike him to send an URL of a funny video. But still i went ahead and clicked on it and i was taken to a website – Viddyho.com (I am not linking to it – no way) which asked me to login to GTalk by entering my GMail username and password in the space provided!
Obviously it looked fishy (phishy). Why would anyone needs to login to GTalk to watch a funny video? Good try buddy, but I am not someone who would fall for it! But I am not sure how many have fallen for it. One of them of-course was my friend who had promptly logged on using his GTalk user-id and password. Once he did, it smartly sent IMs to all his contacts with tinyurls pointing to viddyho.com. It might just be a prank or an actual phishing link. I am not too sure about it right now. But I would surely update this post soon. Keep plugged in.
Update:
@Mashable tweets to all their followers on twitter about Viddyho being a scam site. Still no clarity on if its a phishing link or not.
Update2:
Lot of people confirming about this and now asking for a solution. If you have fallen PREY, just change your password RIGHT NOW. if you are on Firefox, clear your cache and cookies and restart your Browser. More updates soon.
Update3:
My small VPS was not able to handle so many concurrent users. Sorry for any downtime. Blogstring confirms that Viddyho is indeed part of a phishing network with similar phishing hooks for Myspace, MSN messenger, ICQ etc.
Image updated & Credit: NyTimes
If you enjoyed this post, make sure you subscribe to my RSS feed!
Related Posts:
February 25th, 2009 at 12:33 am
Got msgs like this from few folks…..i thght, “Why wld anyone sign-up into a website with his / her gmail id and password to watch a VIDEO?”.
Definitely a phishing site!!
BEWARE
[Reply]
February 25th, 2009 at 12:36 am
Hey, I too got that but I of course did not enter my precious password over there
People should at least change their password after such foolishness. I’m glad that such phishing sites don’t take the passwords from our stored cookie sessions.
[Reply]
February 25th, 2009 at 12:38 am
Surely, Its happening… I have atleast got 5-6 of them in last 1 hour… Luckily, I did not give my id/password…
[Reply]
February 25th, 2009 at 12:50 am
omg! please post a solution to this. like your friend, i unsuspectingly did the same thing and it proceeded to send all my contacts that crazy message. i change my password and i’m hoping that solves the problem. would love to see if there are more steps needed to fix this. thanks!!
[Reply]
Raju Reply:
February 25th, 2009 at 1:02 am
@VS,
Change your password right NOW. If you are on Firefox, clear your cache and cookies.
[Reply]
February 25th, 2009 at 12:50 am
I just had someone tinyurl me the same link over iChat. Some long viddyho.com url slash a bunch of stuff. It took forever to load, so I closed the tab.
I IM’d him back asking what it was, and he told me he got some kind of virus on his iChat client. He appears to keep going online/offline, but hasn’t sent me anything since.
Hoping I’m not at risk because the page never loaded.
Tims last blog post..*Energy Star* Sofas
[Reply]
February 25th, 2009 at 1:01 am
SCAM! Because it happened to me and @ekai as well.
don’t give away those gmail passwords peeps!!!
[Reply]
February 25th, 2009 at 1:16 am
It happened to me too. I received a video message in gtalk from someone I have not chatted with in 3-4 years. Even if it had been from a friend, none of them are retarded enough to start a message with ‘lol’. I did a preview.tinyurl.com and saw it linked to some viddyho website. Nice try, @$$holes! I am not falling for it. Though I received a couple more of those links so some people are buying it. If this spreads, tinyurl.com will be pariah-ed , and I feel sad for that.
[Reply]
February 25th, 2009 at 1:36 am
you might add to the article: dON’t Ever eVer put your password into a site that is not the site where you created it.
it’s like sharing needles or sleeping around – at some point it’ll catch up with you
[Reply]
February 25th, 2009 at 4:51 am
If you clicked on the click but didn’t enter any info, are there any precautions to take? I guess I clicked on the tinyurl link during the peak of the storm because the viddyho website was down (servers were busy), although I definitely wouldn’t have been silly enough to fork over my password…
[Reply]
Raju Reply:
February 25th, 2009 at 7:08 am
@latestnightowl,
I did the same thing and I didn’t want to risk my gmail account at any cost. Just changed my password.
[Reply]
February 25th, 2009 at 5:40 am
I think we should see the complete URL first before entering our credentials.. I really dont understand how people take it so lightly..
Yogindernaths last blog post..How to Data Drive a Test Script using IBM – RFT?
[Reply]
February 26th, 2009 at 2:19 pm
We are told all the time not to click on links in emails, but on Twitter it is flooded with TinyUrl, are they any safer, NO.
I never got this in my gtalk, but I did see this somewhere else though, I never did click on the link.
[Reply]
Raju Reply:
February 26th, 2009 at 2:50 pm
@Ross,
Valid points mate!
[Reply]