A phishing attack is targeting thousands of web-based email users, according to the BBC and Read Write Web. Tens of thousands of users of each site have already been victimized, with the usernames and passwords available on lists.
To entice users to offer up their private passwords, phishers imitate legitimate sites and ask for login information. The reports didn’t indicate what site the phishers were imitating.
This comes hot on the heels of Gmail dabbling with showing favicons from a few trusted senders. Maybe they should start considering
The first list of 10,000 usernames covered users of Hotmail sites, AOL, Gmail, Yahoo, Earthlink and Comcast email services. But only usernames starting with A and B were included—meaning that there could be hundreds of thousands of other victims.
The lists were originally posted on pastebin.com, a site for sharing snippets of code. The owner of pastebin has removed the lists and plans to put more safeguards in place against this kind of activity.
Worried your account was affected? A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.
“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”
If you think your account was affected, change the password. If you use the same password on other accounts, change it there, too.
What do you think? Is there more Google et al. can do to prevent phishing? What can we do to safeguard against it?