Symantec has observed a run of spam that is trying to capitalise on the new social networking platform provided by Google, named Google+. The spam samples are similar to other social network spam messages discussed in one of our previous blogs. Google is now trialing their new venture with limited users and participation is by invitation only.
The message in this latest spam campaign looks like a legitimate invite from an already registered user and it provides an invitation link that directs users to a Canadian pharmacy website. However, if one takes even a cursory glance at the URL in the status bar, it shows that the link doesn’t relate to Google in any way.
Subject: Welcome to the Google+ project
From: [removed] (Google+) <[removed]@plus.google.com>
While spam targeting social networks is not new, this is yet another addition to the list of social networks that spammers wish to exploit. We expect to see interest in “invite” spam or phishing attacks directed at users who are interested in obtaining a Google+ account. For more information on the above, please visit http://www.symantec.com/connect/blogs/your-google-invite-may-be-spam.
In spam and phishing cases such as these, we advise users to check any URLs provided in messages before clicking on any link. They should also make sure that the requester is a known friend and that the invitation is legitimate before clicking the link. Symantec Security Response is monitoring this attack; visit our blog for new updates.