Scammers are taking advantage of the intense demand for Google+ Invites to send users to fake pharmaceutical Websites.
angling for a Google Plus invite beware of email invites arriving in the Inbox
that may actually be fake pharmaceutical spam.
sending out bogus Google+ invitations that really direct unsuspecting users to
online pharmacies, Graham Cluley, senior technology consultant at Sophos,
warned on the NakedSecurity
blog July 1. The messages look similar to the real emails that users may
receive from friends who already have accounts on the latest social networking
Google launched its
service June 29 to a limited audience and allowed users to invite their friends
to join. As is the case for any site with restricted membership, there has been
a lot of interest and high demand as people ask friends and haunt eBay for a
coveted invitation. The "insane demand" led Google to temporarily turn off its
invitations system on June 30.
spammers are no doubt hoping that the email will be too hard to resist for many
people eager to see Google's new social network, although just how many users
will be tempted to buy drugs online is a mystery," Cluley wrote.
on the links in the fake invite take users to a pharmaceutical Website set up
to sell the likes of Viagra, Cialis and Levitra, according to Cluley. The
scammers even had a special July 4th
promotion, Cluley found.
likely cyber-criminals will use fraudulent invites for other kinds of Website
spoofing, Sam Masiello, general manager and chief security officer of Return
Path, wrote on the Received
July 3. The scams may be as "benign" as obtaining email addresses for
future spam campaigns or as malicious as linking to phishing Websites designed
to steal credit card and password data or to sites containing malware, Masiello
emails pretending to be from Google+ may become as regular as the messages
that target Facebook users, according to Masiello.
There are a number
of fake Facebook pages that look like official
Google+ pages, claiming to have information about the new site. At least one of
them has a "Get the invites of Google Plus" text on the page, encouraging users
to click on the link. Since it's not an official page and it's not coming from
a friend, the resulting invite will be fake.
as there's a lot of interest in joining the site, Masiello expects
more of these kinds of pages to pop up. Setting up a Facebook page with
appropriate logos is easy to do and can be done by anyone, Masiello said.
these fake pages are being advertised to users on other social networking
sites, such as LinkedIn, according to Masiello.
"Popular new services like Google+ gives
criminals yet another avenue to trick users into sharing" sensitive information
than they expected to, Masiello said. As a result, users should "remain"
diligent about sites they visit and links they click on, he recommended. They
should also watch what kind of sensitive information they might be sharing, as
cyber-criminals can escalate their attacks to steal data such as credit card