In the best of all possible worlds we’ll all join hands as one and be brothers for eternity. Sounds like a utopia? How about using a Facebook app in order to invite your friends to join Google+? Never mind the ongoing debates about the Facebook-Google+ war! As some already speak about the end of Facebook, or at least about its feeble signs, why not give in to temptation and try to jump from one (allegedly) sinking boat to a brand new ship that’s destined for greatness….at least that’s what some voices are saying about Google+! Who cares that the new “IT” has had some privacy-related rough times?
That’s exactly what our scammers of the day are betting on. Let’s see how they go about their tricky persuasion business. First, a Facebook invite:
All’s as clear as daylight. The recent media buzz which you couldn’t have missed (unless you were out on a vacation from planet Earth) kicks in. I bet you’ve heard the “please invite me to Google +” line at least once from your friends these days…Here’s your chance to make 50 of them happy! One click can do so much!
Next step, the Permissions page. Quite a lot of them, don’t you think? There’s our good friend “Send me e-mail”, plus its wicked cousin who wants to “Access your data anytime”…oh, look! There’s “Access my profile info” as well. Should we mind it that the app claiming so much from your account is just supposed to help your friends get an invite? Neaaaaaah. And on we move.
Next step, the mandatory Like. Why not join the other fifteen thousand fans of this page? The more the merrier….(with a minor adjustment, in this case, as the saying should also say for better or for WORSE….but let’s not get ahead of ourselves). So, what’s up on this page that we’ve just declared our eternal fidelity to?
Looks like it’s quite busy. Approximately fifteen thousand people liked it, which means that they’ve got a lifetime subscription to the content that’s posted in here. About 150 comments in less than 24 hours since the page was created (as you can see in the timestamp of the very first message posted here). Enough to make you trust the app? I’d say!
Where were we? About to become 50 of our dear ones’ best friend/pal/brother/sister (you name it….as long as it’s the BEST).
Click your way through your list of contacts, then hit Send Requests and you end up here: the Google + project page. Makes sense, doesn’t it?
There’s you good deed for today! Or is it not? Just take a look at what’ll be happening in your account next:
Yes, you’ve been tricked. But at least they did it in style, if that’s any consolation…..
Jokes aside, this is a very efficient spreading mechanism. You do the math: the 50 explicit invites plus the other indirect invites represented by the automated posts that flood your News Feed! That’s a bigger crowd than some would invite to their wedding….
Aside from its propensity for spam, what harm can this do? Just as in the case of any other scam seeking to secure an audience for a specific webpage, once the word is out, the scammers may redirect the victims from the genuine Facebook page to an external page set up to do harm: malware dissemination & phishing.
Word of advice: if it sounds too good to be true, just Google it? (funeeeeeeeeeeeeeh, I know). You might find out then that Google has not developed any such Facebook application, but that it’s created a form for all those who are dying to make it to the Google+ family.
Stay safe and click wisely!
P.S. Came across a nice Lifehacker article on the privacy issues posed by a browser extension which allows posting content on Facebook and on Google+, as they were revealed by an analysis of the extension’s underlying code. The full article is available here. The fact is that while in the case of browser extensions the code is visible, the code behind Facebook applications is in the cloud, which means that it could not be subjected to this kind of analyses.
This article is based on the technical information provided courtesy of Tudor Florescu, BitDefender Online Threats Analyst
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.