
Your Google+ Invite May be Spam

Created: 06 Jul 2011 12:26:09 GMT • Updated: 23 Jan 2014 18:20:07 GMT
Samir_Patil

We have recently observed a run of spam that is trying to capitalize on the new social networking platform provided by Google, named Google+. The spam samples are similar to other social network spam messages, which are discussed in one of our previous blogs. Currently, Google is trialing their new venture with limited users; therefore, participation is by invitation only. Hence, it is expected that we’ll see bogus Google+ invites distributed as spam in the wild.

The message in this latest spam campaign looks like a legitimate invite from an already registered user, and it provides an invitation link. However, if one takes even a cursory glance at the URL in the status bar, it shows that the link doesn’t relate to Google in any way.
The headers in the spam samples are as follows:

Subject: Welcome to the Google+ project
From: [removed] (Google+) <[removed]>

The invitation link directs users to a Canadian pharmacy website, as shown in the image below:

Spam targeting social networks is not new. It is likely that this is another addition to the list of social networks that spammers wish to exploit. We expect a growth in “invite” spam or phishing attacks directed at users who are interested in obtaining a Google+ account. In spam and phishing cases such as this, please check any URLs provided in messages before clicking on any link. Please also make sure that the requester is a known friend and that the invitation is legitimate before clicking the link. We are monitoring this attack to keep our readers updated.

Note from Google (July 7, 2011): Google recently introduced a feature for Gmail that will reduce the risk of users falling for these kinds of scams. Please see this post on the Gmail Blog as a reference. This feature will show a full email address next to the "From" name, so a Gmail user will be more likely to see that the notification came from an unfamiliar-looking domain. If the email is authenticated by a domain, Gmail would also show a "via domain" link to indicate how the message was sent. In case there is an unauthenticated mail from, it is put in spam without delivering the message to the inbox.
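The two checks described above (does the link's host relate to Google, and does the full From address match the name it displays) can be automated in a mail filter. The following is an added example, not code from the original post or from Symantec or Google: the sample message is constructed, the `example.net`/`example.org` hosts stand in for the removed sender and link, and `BRAND_DOMAINS` is an assumed allow-list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; the sender and link hosts are placeholders.
SAMPLE = """\
From: "Google+" <invite@mailer.example.net>
Subject: Welcome to the Google+ project
Content-Type: text/html; charset="utf-8"

<html><body><p>A friend invited you to join Google+.</p>
<a href="http://pills.example.org/join">Learn more about Google+</a>
<a href="https://plus.google.com/">Google+</a></body></html>
"""

# Assumption: domains the claimed brand really sends from and links to.
BRAND_DOMAINS = {"google.com"}
BRAND_PATTERN = re.compile(r"google", re.I)

def in_brand(host):
    # Exact or subdomain match only, so google.com.example.org does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_invite(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    # Only messages that present themselves as the brand are checked.
    if not (BRAND_PATTERN.search(name) or BRAND_PATTERN.search(subject)):
        return []
    findings = []
    if not in_brand(addr.rpartition("@")[2]):
        findings.append(("from-mismatch", addr))
    parser = LinkCollector()
    # Single-part HTML body only; multipart messages need a walk over parts.
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for host in (urlsplit(h).hostname for h in parser.hrefs):
        if not in_brand(host):
            findings.append(("link-mismatch", host))
    return findings
```
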


Note: Thanks to Saurabh Kulkarni for contributed content.