Google+ Spoofed by Spammers

by Christopher on July 2, 2011

Google+, Google’s new social networking site, has joined the ranks of brands spoofed by spammers, in a campaign that combines two of today’s most significant spam trends: targeting social network users and sending pharmaceutical spam. Email messages from Google+ are now being fraudulently replicated in a major spam campaign.

The spam emails in question resemble legitimate messages a person may receive from a friend who uses Google+. The messages, which invite the recipient to check out the new social networking site, have subject fields like “Welcome to the new Google+ project.” The body of the spam contains a welcome, a default silhouette-style profile picture, and an invitation to view or comment on the fake user’s activity on the site. It then has a blurb about the site still working out some kinks and a large button to “Learn more about Google+.”

These spam messages are relatively well written by spam standards, mostly lacking the usual typos and spelling and grammatical errors. They appear to be written by a native English speaker, and they contain a realistic footer that includes the Google+ logo and an option to unsubscribe from further contact.

While this is the first large-scale spam campaign exploiting the Google+ brand name, it is not surprising, nor will it be the last. Social networking sites are among the brands most targeted by spammers, phishers, and other cybercriminals. Month after month, Facebook appears on the top 10 list (often even in the top 5) of websites most often targeted by phishers.

The current spam campaign is not particularly malicious. The emails seen so far simply redirect to websites selling pharmaceutical products, including spammer favorites such as Viagra, Cialis, and Levitra. Most are mock Canadian pharmaceutical websites, an all-too-familiar aspect of this category of spam. No malware or phishing ploys associated with this campaign have been reported as of this writing.

By the end of 2010, pharmaceutical spam accounted for more than 40 percent of all global spam in circulation. It remains the single most prevalent type of spam to this day.

You may wonder how many people who think they’re about to investigate a new social networking site will spontaneously decide to purchase pharmaceutical sexual enhancers or other drugs. Not many, to be sure. But a handful of recipients will undoubtedly buy something or at least bookmark the sites for future use. In large enough numbers, with spam messages sent out by the millions or even billions each day at no cost to the spammers, a few emails will invariably be successful, yielding a profit.

If you receive an email purporting to be from Google+, or any other social networking site, always verify that it’s from somebody you know and confirm that it was sent to you with his or her knowledge. Though the current spam campaign contains nothing more than an annoying redirect, new campaigns spoofing Google+ that contain malicious files and attempts to phish personal information will certainly arise in the near future.

Posted in: Spam
