'net work' by Sahrizvi

I just got a Google Talk chat message that popped into my inbox from my friend, Lynnel:

5:56 PM Lynnel: hey, check out this video : http://tinyurl.com/…

I shouldn’t have gone as far as I did, but I clicked the link. It took me to a page that said it had an image waiting for me, and that I could access it by providing my Google user/pass. Even from the text of the message it looked bad, but it was clear then that it was a phishing scam. I closed the tab, then emailed Lynnel telling her that her account might be hijacked. Lynnel got back to me saying, yes, it had been cracked, but that she’d already changed her password. She then asked if there was anything else she should do.

I’ve never been in this situation, so I told her it might be necessary to send a message to her blanket Gmail contact list warning people of the scam. In my opinion, this wouldn’t be acceptable in almost any other case, but here I’m thinking it could save a lot of people from getting their own accounts hijacked or worse.

I’m pretty good at recognizing these scams when they pop up, but here even I went as far as to click the link. It’s possible for attackers to gain control of machines by getting people to simply view a specially crafted image on a website. That could of course be happening here.

What is the acceptable reaction in this type of situation?