Facebook scam cashes in on Google+ hype

A Facebook scam that exploits the buzz surrounding new social networking tool Google+ is making the rounds and may be the precursor to a widespread phishing scam.

Security vendor BitDefender said the scam takes the form of a Facebook application called ‘Google Plus Direct Access’. Users are told they will be directed to a download page for Google+ if they ‘Like’ the application.

In reality, there is no link to Google+ and no chance to receive an invitation to the service. By clicking ‘Like’, users actually share their profile information and contact details with the application’s creators.

The scam features a spreading mechanism that prompts users to invite 50 friends, with the invites ending up on users’ Facebook newsfeeds, increasing the likelihood that others will also sign up. The scam gathered approximately 3300 fans within 24 hours.

While BitDefender said the scam is “relatively harmless” for the time being, the vendor said “there is a possibility for the app’s creators to attempt phishing attacks on its rapidly growing fanbase by taking advantage of the personal information that it has access to from users having ‘liked’ the page”.

“This scam highlights the increasing propensity for cybercriminals to ‘trendjack’ the latest news in order to exploit people’s natural curiosity. From the high number of fans that ‘Google Plus Direct Access’ has gathered in just 24 hours, it seems that this particular example has been successful in achieving its purpose of misleading people into believing there is a Google+ invite waiting for them at the other end,” said Catalin Cosoi, head of BitDefender’s Online Threats Lab.

According to BitDefender statistics, just under a quarter (24.6%) of Facebook users have had some form of malicious content posted on their Facebook wall by a friend.

“Users need to take real care when using any social network and be wary not to get drawn into something that more often than not is too good to be true,” Cosoi said.