::Trend Micro Threat Resource Center::

15 July 2011

Google+ related scams move to Facebook

Scammers continue to take advantage of the great interest raised by the introduction of Google+ and have begun tricking Facebook users into giving them access to their accounts via a rogue application.

Users are lured in by updates on their news feeds seemingly posted by their friends, which "like" the "Google+ - Get Invite" Facebook page. Clicking on the link gets them to said page, where the rogue app by the name "Google Plus - Direct Access" is linked.

Clicking on the link initiates the request for permissions from the app.


There are people who will become suspicious once they see that the app wants to post things on their Wall, have access to their data at any time and be able to send them emails, but there are obviously still a lot of users who fall for this kind of scam.

Once the permission is given, the victim is urged to "like" the page that propagates the app and is encouraged to send an invite to his friends to visit it - in the hope that they will fall more easily for the scam if a friend of theirs appears to be supporting it.

When all this is done, the user is redirected to the official Google+ homepage. But if he tries to sign in, he is faced with the notice that the service has currently exceeded capacity.

Researcher Satnam Narang believes that one of the scammers' goals is to build a list of fresh e-mail accounts that may either be sold or used in future scams, but it is also quite likely that the access to victims' accounts will be misused to spread other scams and/or malicious links.

If you have fallen for this scam, be sure to revoke the permissions you gave the rogue app, delete all mentions of it from your account and warn your friends about it. It is also a very good idea to report the scammy page to Facebook by going to the page and selecting the "report page" link.