Beware Spoofed Google+ Invites After Your Info and Your Money

After much ballyhoo Google+, Google's recently launched competitor to Facebook, has launched to a limited audience (as is status quo for many of Google's services as it comes out of the gates).  Typically expansion of the user base of these services occurs as a result of invitations sent out from people who are using the service to those who are not.

Facebook sites that look like official Google Plus pages are already being setup and advertised to users over other social networking sites like LinkedIn.  Below is a screen shot of one such page (many more will surely emerge over the coming days):

Remember that liking a product or service on Facebook means that their announcements will appear in your news feed going forward.  Setting up a page and using the appropriate logos make it appear as if it is the official site for that product is simple, takes minutes, and can be done by anyone.  Someone setting up a Facebook fan page doesn't have to be associated with the product, service, or company represented by the product.

Also, with the popularity of the new Google+ service, it is likely that we will see fraudulent invites coming from cyber criminals just as we see on a regular basis targeting Facebook users.  These attacks could be as benign as simply attempting to obtain email addresses for the purposes of spamming later or as insidious as messages containing to or linking to web sites containing malware to steal credit card and password data.

The likelihood of such spoofing attacks being successful is increased for a couple of reasons:

— For starters, the service is new and available only to a limited audience.  Google disabled the ability for some users to invite friends and expand the Google+ user base as of June 30th citing "insane demand."  This increases the "buzz factor" of the service.  People inherently want to be part of something that they are shut out of.  They want to find out what all of the hype is about.

— Many people have grown uncomfortable with the amount of data being shared with third parties and Facebook application developers and are looking for an alternative.  The brand name recognition of Google could potentially draw similar levels of use and interest, which will naturally also attract criminals.  "Invitations" sent out, particularly during the early days of the service, could prove to be a lucrative social engineering lure.

As always, remain diligent about the sites that you visit, the links that you click, and the pages that you "Like" on social media sites.  You're typically allowing access to more of your sensitive information about yourself than you are aware, and popular new services like Google+ gives criminals yet another avenue to trick you into sharing it.  This can then lead to more sophisticated attacks such as phishing and malware which results in deeper access to data such as credit card information and more which could easily lead to identity theft.

minute read

Popular stories

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time