Anyone angling for a Google Plus invite should beware of email invites arriving in the inbox that may actually be fake invitations carrying pharmaceutical spam.
Spammers are sending out bogus Google+ invitations that really direct unsuspecting users to online pharmacies, Graham Cluley, senior technology consultant at Sophos, warned on the NakedSecurity blog July 1. The messages look similar to the real emails that users may receive from friends who already have accounts on the latest social networking platform.
Google launched its service June 29 to a limited audience and allowed users to invite their friends to join. As is the case for any site with restricted membership, there has been a lot of interest and high demand as people ask friends and haunt eBay for a coveted invitation. The “insane demand” led Google to temporarily turn off its invitations system on June 30.
“The spammers are no doubt hoping that the email will be too hard to resist for many people eager to see Google’s new social network, although just how many users will be tempted to buy drugs online is a mystery,” Cluley wrote.
Clicking on the links in the fake invite takes users to a pharmaceutical Website set up to sell the likes of Viagra, Cialis and Levitra, according to Cluley. The scammers even had a special July 4th promotion, Cluley found.
It’s likely cyber-criminals will use fraudulent invites for other kinds of Website spoofing, Sam Masiello, general manager and chief security officer of Return Path, wrote on the Received Blog July 3. The scams may be as “benign” as obtaining email addresses for future spam campaigns or as malicious as linking to phishing Websites designed to steal credit card and password data or to sites containing malware, Masiello said.
Malicious emails pretending to be from Google+ may become as regular as the messages that target Facebook users, according to Masiello.
There are a number of fake Facebook pages that look like official Google+ pages, claiming to have information about the new site. At least one of them has a “Get the invites of Google Plus” text on the page, encouraging users to click on the link. Since it’s not an official page and it’s not coming from a friend, the resulting invite will be fake.
As long as there’s a lot of interest in joining the site, Masiello expects more of these kinds of pages to pop up. Setting up a Facebook page with appropriate logos is easy to do and can be done by anyone, Masiello said.
Some of these fake pages are being advertised to users on other social networking sites, such as LinkedIn, according to Masiello.
“Popular new services like Google+ gives criminals yet another avenue to trick users into sharing” more sensitive information than they expected to, Masiello said. As a result, users should “remain” diligent about the sites they visit and the links they click on, he recommended. They should also watch what kind of sensitive information they might be sharing, as cyber-criminals can escalate their attacks to steal data such as credit card information.