Since its debut, Google Plus invites have been a hot ticket on the Internet. As with any topic that becomes a meme or goes viral, scammers are taking advantage of the popularity of Google Plus and baiting users into clicking on false leads promising invites to Google’s social network.
Facebook is no different. The world’s largest social network is a common vector for malware attackers. The phishing attack is the same as almost any other Facebook scam – it promises something it cannot deliver and attempts to hook you and your friends into the application and then take control of your Facebook account. The irony of the situation, of course, is that scammers are taking advantage of users’ lust for a different social network in order to hijack their Facebook pages.
The app works like this: a user sees a post in their news feed for something along the lines of the “Unofficial Google Plus Fan Page,” promising an invite and the ability to invite 50 of their friends. Once you install the application, it asks you to “like” the page, even before you have seen it. You are then able to invite 50 of your friends to Google Plus through the familiar “suggest a friend” interface. Friends who receive the invite will assume that you have checked out Google Plus or the application and that it is safe.
“What we end up with is many thousands of people who have given a third party application, written by persons unknown, complete access to their Facebook page,” wrote Graham Cluley of Sophos Security. “That means they can later use your Facebook account to post spam messages, distribute other money-making scams, steal your personal information, and post in your name.”
This Facebook scam is almost identical to many that have come before. Substitute the words “Osama bin Laden” or “Barack Obama” or “Michael Jackson” for Google Plus and it would look an awful lot like rogue applications that have run through Facebook before.
The best prevention for these types of attacks is common sense. Do not click on links that look suspicious and do not give random third-party applications access to your Facebook page. Cluley and Sophos have a short video that shows the steps needed to remove malicious applications from your Facebook account.