Thoughts on Privacy and Security


Google+ Demand leads to Invite Scam on Facebook

The web has been buzzing over Google’s newest entry into the social networking space, Google Plus. Google’s social network has seen an increase in demand for invites to the service, similar to the wave of users that were trying to gain access to Google’s webmail service, GMail. So it comes as no surprise that Facebook scammers have chosen to take advantage of this demand by duping users into another scam.

Google Plus "Facebook Page" now has over 9,000 "likes"

Users will see an update like the one above in their news feeds. It shows that nearly 9,000 users have liked this page.

Google Plus - Get Your Invites through a Facebook App?

Users are encouraged to click on the “Get Direct Access” link on the wall for this page.

Google+ Invite - Rogue Application

While Likejacking scams have been on the rise recently, Facebook Application scams have been declining for months. However, this instance shows that rogue applications are not quite dead yet.

Note that this application is requesting access to a user’s email address. This leads me to believe that the goal here for scammers is to build a list of fresh e-mail accounts that may either be sold or used in future scams.

Google Plus - Users must "Like" the page to proceed

Before users are given “direct access” to Google+, they are asked to “like” the scam page.

Google+ Invite Friends - Help Spread The Scam

Most Facebook scams need staying power and the best way to achieve that is to reach as many eyeballs as possible. So the best way to achieve this by also encouraging users to invite their friends to install this application.

The next time a friend logs into their Facebook account, they will be greeted with this Facebook notification:

Google Plus - Facebook Notification

After all of the run around, the application redirects users to the plus.google.com homepage, where they are asked to sign-in. Once they do, they are greeted with the notice that Google Plus has exceeded capacity. So much for getting direct access after all.

Google Plus - Exceeded Capacity


1. Users should start by removing the rogue application from their Facebook profile. It will appear at the top of your list:

Google Plus - Remove Application

2. Once the application is removed, users should go back to the fake Google+ invite page and select “report page” from the menu below.

Google Plus - Report Page

3. Users should check their own profile page to be sure there aren’t any traces of the fake application left on their walls.

4. Finally, users should advise friends and family that there are scams making the rounds about Google Plus and this is just one example.

3 years ago

July 12, 2011