Only launched at the end of June, Google+’s growth — having already reached more than 10 million users in its first weeks — has been astounding. With that in mind, it’s hardly surprising that the new social network has already attracted the attention of cybercriminals.
Online security firms have identified that cybercriminals are already targeting individuals through friend invites to this network, via emails.
Naked Security, an online security blog, identified “the first big Google+ spam campaign”, as one being perpetrated by “pill pushers”. They identified emails which are very similar to the much sought after invites to Google+.
Fabio Assolini, a Malware Researcher at Kaspersky Lab says that, “Google+ is another addition to the social networking world, and while certainly an exciting avenue to explore in this regard, considering the world of internet cybercrime, Kaspersky Lab have identified that Brazilian cybercriminals have already started sending fake invites with malicious links pointing to malware, specifically Trojan bankers.
As explained on the blog Malware City, Trojan Bankers are “a special family of malware aimed at stealing log-in information related to banks (such as login names, passwords, PIN numbers and others)”.
Assolini says they, “recently found one targeting Portuguese speakers and as such, feel that it is crucial to warn users of the potential security threats targeting this social networking site as it is only set to grow”.
The fake invite contained an infected link that when accessed, redirected the user to a very common Brazilian Trojan banker file — a .cmd file hosted at Dropbox.
The most interesting thing to note with this message was another link pointing to a form hosted at Google Docs. The message showed the link as “send the invitation to your friends” whilst it actually was a fake form created to collect names and email addresses of new victims.
Kaspersky Lab has reported this malicious file and the fake Web form to Google.
Social networks are seen as one of the greatest security threats among businesses. The introduction of new social networking sites creates a haven for cybercriminals to implement virus and threat activity for their own gain; especially as such sites are without a doubt popular among users.
Google+ whilst still far from the user numbers boasted by Facebook’s 750-million and Twitter’s 277-million is fast gaining the attention of users and the nature progress to cybercriminals is evident.
Kaspersky Lab gives the following tips to protect your Google+ profile as malware increases.
The profile editing section is the brains of the Google+’s privacy, providing a versatile interface that allows you to customise how you share each and every nugget of your information. Be sure to use it and make your privacy levels a high priority.
One circle to rule them all
If you’re going to use Google+, you need to learn to master the fine art of Circle Management. Circles are the main privacy control centre of Google+. They allow you to create groups of friends and associates using a powerful (and cool) user interface that makes it easy to group friends, family and co-workers, and then limit who can see what.
If you access Google+ using your Android phone, photos and videos you take are automatically uploaded to Google’s cloud via a new tool called Instant Upload. Don’t worry though, photos aren’t shared by default, but are stored on a private Picasa Web folder for future sharing. For a minority of users Instant Upload is a fine idea but it’s enabled by default and may take a lot of new Google Plus users unaware. To disable Instant Upload, click into the app, Menu/ Settings/ and at the top of the screen uncheck “Instant Upload” for increased protection.
Assolini concludes that, “ensuring a safe social networking experience requires you to be aware that such threats exist, thereby being able to take action the necessary action required and socialising in a secure environment”.