A rogue application is spreading via Facebook, claiming to offer easy invitations to Facebook’s new rival in the social network market, Google+.
Many Facebook users have had messages like the following appear on their newsfeed:
Google+ - Get Invite
Unoffical Fan Page
Page: XX,XXX people like this.
If you visit the page, you are invited to allow a third-party application to access your Facebook account.
You should also exercise great caution about what third party apps you allow to access your Facebook records, especially when they are demanding the ability to post to your wall and grab personal information such as your date of birth and current location.
Nevertheless, if you are hungry to get a Google+ Invite or to find an easier way to encourage your Facebook friends to join you on Google+ then you might (unwisely) carry on regardless.
The next thing which happens is you are encouraged to “Like” the page. Remember, you haven’t seen anything yet which impresses you at this point – so why are you recommending the page to your online friends?
Just in case the “Like” wasn’t enough – you are now encouraged to invite as many of your friends as possible to also sign-up for the scheme.
Of course, if you do send a direct invitation to your friends to sign-up for the Google+ Invite application then they may very well believe that you have checked it out for yourself, and trust your invitation. A sneaky piece of social engineering by the folks behind this third party application.
What we end up with is many thousands of people who have given a third party application, written by persons unknown, complete access to their Facebook page. That means they can later use your Facebook account to post spam messages, distribute other money-making scams, steal your personal information, and post in your name.
If you have been hit by scams like this on Facebook, and are struggling to clean-up your profile, here’s a YouTube video I made which describes what steps you need to take:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 100,000 people regularly share information on threats and discuss the latest security news.
And if you are on Google Plus, feel free to add Naked Security to your Google+ circle so you can learn about the latest security threats.
You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.Follow @gcluley