Quick Hits

Invitations To Join Google+ Could Be Ruse To Steal Facebook Info, Researchers Say

Emerging social network is subject of data-stealing scam, Barracuda reports
A new online scam is offering an invitation to join Google+, the new social networking offering from Google, according to researchers at security vendor Barracuda Networks.

In a blog posted Wednesday, Barracuda researchers outlined a ruse in which attackers trick Facebook users into giving up their account information and other personal data by promising membership in Google's new community.

The "invitation" is presented to the user as an application, Barracuda says. "Clicking on one of these news feed items brings up an actual Facebook application page," the blog states. "These app pages are being taken down by Facebook and scammers are creating new ones.

"The reason for selecting an application for this scam is that applications can, if allowed, access otherwise private information from your Facebook profile," the researchers say. "That’s just what this app does. Clicking on any of these links takes you to a page where the application requests permission to access your Facebook data -- and it really does ask for quite a bit.

"This appears to be the entire point of this scam – email and account data harvesting," Barracuda explains. "The only other thing the application does is to spread to your friends. First, you are asked to ‘Like’ the app, which will cause it to appear in your friends’ news feeds. Then, you are asked to explicitly send 'invites' to your friends.

"Instead of actually sending invites, you’re sending Facebook requests that will appear in the notification queue of each friend you select," the blog states. "Once you are past this point, you wind up on the Google+ home page, and when you try to log in – surprise – you haven’t been invited."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.