LinuxDevices.com Archive Index (1999-2012) | 2013-current at LinuxGizmos.com | About  

Google+ struggles with scams, privacy holes, and ‘insane’ demand

Jul 6, 2011 — by LinuxDevices Staff — from the LinuxDevices Archive — views

Scammers are taking advantage of the intense demand for Google+ invites to send users fake invitations to online pharmacies, say security experts. Meanwhile, Google has begun patching a Google+ privacy hole, and analysts debate whether the Android-friendly social networking service can put a dent in Facebook.

Android users angling for a Google+ invite may instead encounter email invites that are actually pharmaceutical spam. Spammers are sending out bogus invitations to Google's new Android-based social networking service that direct unsuspecting users to online pharmacies, warned Graham Cluley, senior technology consultant at Sophos, on the NakedSecurity blog. The messages look similar to the real emails that users may receive from friends who already have accounts on the latest social networking platform.


The fake Google+ invite at left links to an online pharmacy site (right)

Source: NakedSecurity
(Click on either to enlarge)

Clicking on the links in the fake invite take users to a pharmaceutical website set up to sell the likes of Viagra, Cialis, and Levitra, according to Cluley. The scammers even had a special July 4th promotion.

"The spammers are no doubt hoping that the email will be too hard to resist for many people eager to see Google's new social network, although just how many users will be tempted to buy drugs online is a mystery," Cluley wrote.

Google launched its Google+ service June 29 to a limited audience. The invites allow users to invite their friends to join an early version of the service by downloading a Google+ Android app (see images farther below).

As is the case for any site with restricted membership, there has been a lot of interest and high demand as people ask friends and haunt eBay for a coveted invitation. Citing "insane demand," Google temporarily turned off its invitations system on June 30.

It's likely cyber-criminals will use fraudulent invites for other kinds of website spoofing as well, Sam Masiello, general manager and chief security officer of Return Path, wrote on the Received Blog July 3. The scams may be as "benign" as obtaining email addresses for future spam campaigns, or as malicious as linking to phishing websites designed to steal credit card and password data or to sites containing malware, Masiello wrote. Malicious emails pretending to be from Google+ may become as regular as the messages that target Facebook users, according to Masiello.

There are a number of fake Facebook pages that look like official Google+ pages, claiming to have information about the new site. At least one of them posts "Get the invites of Google Plus" text on the page, encouraging users to click on the link. Since it's not an official page and it's not coming from a friend, the resulting invite will be fake.

As long as there's a lot of interest in joining the site, Masiello expects, more of these kinds of pages will pop up. Setting up a Facebook page with appropriate logos is easy to do, according to Masiello. He also suggests that some of these fake pages are being advertised to users on other social networking sites, such as LinkedIn.

Google+ Android app
(Click on either to enlarge)

"Popular new services like Google+ give criminals yet another avenue to trick users into sharing" sensitive information than they expected to, Masiello said.

As a result, users should remain diligent about sites they visit and links they click on, he recommended. They should also watch what kind of sensitive information they might be sharing, as cyber-criminals can escalate their attacks to steal data such as credit card information.

Google+ faces steep climb, say analysts

As Google launched Google+ June 29, the company showed how serious the company was about pushing its new Facebook rival when it gave its Google.com, Google Search, and Maps user interfaces a Google+ makeover.

The new Google homepage, for example, sports a smaller logo, with links for the web, images, maps, and other search options moved to the top, and links for advertising, business partners, and company information pushed to the bottom. What the vast majority of Google web services users can't see is that Google+ has ostensibly taken over the top toolbar in Google+ users' browsers.

Yet, Google will need to do more than integrate Google+ in its services' UI if it wants to make headway against Facebook and Twitter, say analysts in this Clint Boulton story on eWEEK

Privacy is one concern. Altimeter Group founder Charlene Li was quoted by Boulton as saying that users are forced to link their private Gmail address to Google+, and that she can't stop people from adding her to circles. "They need to find that privacy button fast!" she told eWEEK.

Meanwhile, Google is already patching another "privacy hole" in Google+, according to a July 2 eWEEK story. The patch, which will go into effect next week, lets users turn off the resharing feature for their Google+ posts.

Currently, Google+ users can reshare what users in their social Circles have posted to anyone in their own Circles, which may include people whom the original poster did not wish to see the content. The patch lets users disable the feature.

While the Google+ interface has earned high marks, the service may inherently be more difficult to use due to its various exclusivity features. The service's distinguishing "Circles" feature, for example, enables users to set up smaller, more focused groups of friends. Circles will be compelling to many, noted tech blogger Robert Scobie in a recent blog entitled "Why yo momma won't use Google+ (and why that thrills me to no end)," but curating the circles may prove to be a challenge. And yet, as the blog's title suggests, that may not be such as bad thing after all.

IDC analyst Hadley Reynolds told eWEEK that Circles aligns powerfully with how people actually relate. Moreover, the Hangouts group video chat feature could be great for geographically extended families and business workgroups, he added.

Reynolds noted, however, that Facebook has the tremendous advantage of being the social home base of choice for hundreds of millions of users. They will likely be reluctant to take the time and effort to create another profile, another set of connections, and another destination to frequent and to maintain over time, he added.

"We only have so much time to invest in the social web," Reynolds told eWEEK. "Any new entrant in the market — and in this segment, Google still is a newbie — will need something truly different and valuable to shake people out of their Facebook habit."

Fahmida Rashid is a writer for eWEEK.


This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.