Beware Spoofed Google+ Invites After Your Info and Your Money

Posted by Sam Masiello on

After much ballyhoo, Google+, Google's recently launched competitor to Facebook, has launched to a limited audience (as is the status quo for many of Google's services as they come out of the gate). Typically, the user base of these services expands through invitations sent by people who are using the service to those who are not.

Facebook sites that look like official Google Plus pages are already being set up and advertised to users over other social networking sites like LinkedIn. Below is a screenshot of one such page (many more will surely emerge over the coming days):

Remember that liking a product or service on Facebook means that its announcements will appear in your news feed going forward. Setting up a page and using the appropriate logos to make it appear as if it is the official site for that product is simple, takes minutes, and can be done by anyone. Someone setting up a Facebook fan page doesn't have to be associated with the product, service, or company represented by the page.

Also, with the popularity of the new Google+ service, it is likely that we will see fraudulent invites coming from cyber criminals, just as we see on a regular basis targeting Facebook users. These attacks could be as benign as simply attempting to obtain email addresses for the purposes of spamming later, or as insidious as messages containing, or linking to web sites containing, malware to steal credit card and password data.

The likelihood of such spoofing attacks being successful is increased for a couple of reasons:

— For starters, the service is new and available only to a limited audience.  Google disabled the ability for some users to invite friends and expand the Google+ user base as of June 30th citing "insane demand."  This increases the "buzz factor" of the service.  People inherently want to be part of something that they are shut out of.  They want to find out what all of the hype is about.

— Many people have grown uncomfortable with the amount of data being shared with third parties and Facebook application developers and are looking for an alternative.  The brand name recognition of Google could potentially draw similar levels of use and interest, which will naturally also attract criminals.  "Invitations" sent out, particularly during the early days of the service, could prove to be a lucrative social engineering lure.

As always, remain diligent about the sites that you visit, the links that you click, and the pages that you "Like" on social media sites. You're typically allowing access to more sensitive information about yourself than you are aware of, and popular new services like Google+ give criminals yet another avenue to trick you into sharing it. This can then lead to more sophisticated attacks such as phishing and malware, which result in deeper access to data such as credit card information and more, and which could easily lead to identity theft.

