Google+ invite scam spreads on Facebook via rogue application

Filed Under: Data loss, Facebook, Privacy, Rogue applications, Social networks, Spam

A rogue application is spreading via Facebook, claiming to offer easy invitations to Facebook's new rival in the social network market, Google+.

Many Facebook users have had messages like the following appear on their newsfeed:

Google+ Invite scam

Google+ - Get Invite
Unoffical Fan Page
Page: ‎XX,XXX people like this.

If you visit the page, you are invited to allow a third-party application to access your Facebook account.

Google+ Invite scam

You should also exercise great caution about what third party apps you allow to access your Facebook records, especially when they are demanding the ability to post to your wall and grab personal information such as your date of birth and current location.

Nevertheless, if you are hungry to get a Google+ Invite or to find an easier way to encourage your Facebook friends to join you on Google+ then you might (unwisely) carry on regardless.

The next thing which happens is you are encouraged to "Like" the page. Remember, you haven't seen anything yet which impresses you at this point - so why are you recommending the page to your online friends?

Google+ Invite scam

Just in case the "Like" wasn't enough - you are now encouraged to invite as many of your friends as possible to also sign-up for the scheme.

Google+ Invite scam

Of course, if you do send a direct invitation to your friends to sign-up for the Google+ Invite application then they may very well believe that you have checked it out for yourself, and trust your invitation. A sneaky piece of social engineering by the folks behind this third party application.

What we end up with is many thousands of people who have given a third party application, written by persons unknown, complete access to their Facebook page. That means they can later use your Facebook account to post spam messages, distribute other money-making scams, steal your personal information, and post in your name.

If you have been hit by scams like this on Facebook, and are struggling to clean-up your profile, here's a YouTube video I made which describes what steps you need to take:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 100,000 people regularly share information on threats and discuss the latest security news.

And if you are on Google Plus, feel free to add Naked Security to your Google+ circle so you can learn about the latest security threats.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

, , , ,

You might like

3 Responses to Google+ invite scam spreads on Facebook via rogue application

  1. WippyM · 1549 days ago

    There are people who don't listen; these are the suckers of the internet and rightfully so!

  2. Ton Ton K · 1549 days ago

    wow thanks for letting me know about this.. I have google plus, but not through my facebook account through my google one.

  3. Transremaxculver · 1548 days ago

    I had something like this come up the other day, was very suspicious of an agreement to let it post items for me. So I changed my mind, the window looked similar to the above, but can't remember exactly.

    Anyhow on the whole I don't have too much trouble with spam.

    Have a look at whats in the spam folder every now and then though,

    Which inspired me to write this,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley