Why you shouldn't trust Google+ Verified Accounts

Filed Under: Featured, Malware, Social networks, Spam

Google+ verified accountGoogle may have started to roll out verification badges for celebrities and public figures who have Google+ accounts. But, unfortunately, it's not going to close the door to fraud on the fledgling social network.

The idea is to make it easier for members of the public to tell if they're the person you've added to a Google+ circle is the real Dolly Parton, the real Britney Spears or the real Alyssa Milano.

According to a Google+ post by Googler Wen-Ai Yu about the initiative, verified accounts have a grey checkmark next to their name. Rolling your mouse over the tick, shows that it is a "verified name".

So, for instance, Britney Spears now has a verified account on Google+ (I've added the helpful red crayon):

Official Britney Spears Google+ account

Whereas this unofficial Britney Spears account doesn't:

Fake Britney Spears Google+ account

What is far from clear is how the verification system works, and what hoops celebrities and public figures need to jump through to convince Google+ they are who they say they are. Furthermore, there are no signs yet that the system is going to be rolled out to the general public anytime soon.

It looks like it's going to be a case of "If you are a Google employee or if you've got enough celebrity or social media clout, then you may be able to get verified - otherwise.. tough".

But there's a bigger problem.

Google+ is following in Twitter's footsteps regarding a way to verify the accounts of public figures and celebrities.

A "Verified Account" badge only tells you that it's the official Google+ page for that person. Importantly, it doesn't tell you that it really was that individual that wrote the message you just read.

It won't stop celebrity Twitter users from choosing dumb passwords, or being careless with their credentials.

Poor Britney Spears and Lady Gaga, for instance, are just a handful of the celebrities who have had their verified Twitter accounts compromised in the past.

Britney Spears has her Twitter hacked

And if Google+ does eventually roll out verified accounts to the great unwashed public, remember this. If it's your (non-celeb) friend or family member who has their Google+ account commandeered by hackers you'll be just as susceptible as ever to believing their posts to be true and in danger of clicking on their (potentially malicious) links.

None of this is to say that Google+'s verified account facility is a bad idea. It's just not as much of a security fix as some folks might hope.

All it does is tell you who the account belongs to, not who posted the messages to it.

If you're on Google+ and want to find out more about security threats, why not add Naked Security to your circle? Sorry, but not being celebrities, it's an unverified account. :)

, , , , , ,

You might like

3 Responses to Why you shouldn't trust Google+ Verified Accounts

  1. mkr10001 · 1466 days ago

    Tell me why it would be rolled out to the public? I don't understand why thinks they deserve to be verified. As if they think that anyone would want to be them. Verified accounts for celebrities who may get people posing as them.

    How many verified "Dave from London" accounts will there be? It won't matter that anyone is verified.

  2. Accounts don't have to be hacked into order for messages to be written by people other than the person whose name is one the account.

  3. Craig · 1465 days ago

    Again Britney is in league with the devil? He must have eclectic tastes in music for he runs thw whole gammut.

    I thought the devil worked with google so his account would be verified, avoid the lose your soul button when checking his postings.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley