A month into its launch, Google+ has attracted around 20 million users who sign up via "invites" from members. This "referral" scheme has given cybercriminals an opportunity to push survey scams, Myla Pilao, director of core technology marketing from Trend Labs, highlighted in an e-mail interview.
Cybercriminals, she explained, have capitalized on the "perceived scarcity of the accounts" to create fake Web sites to lure unsuspecting victims interested in joining the social network. According to her, such sites claim to offer downloadable invites after a user completes a series of surveys.
When users try to dismiss the list of surveys, they are directed to a file-sharing Web site where they are given two options: to download an invitation for free by answering one of the surveys, or to pay a fee to obtain the invite, she noted.
According to various reports, Fabio Assolini, malware researcher at Kaspersky Lab's global research and analysis team, said the Russian security vendor had identified fake invites from Brazilian cybercriminals targeting Portuguese speakers. These invites contained links to malware, specifically banking Trojans, which are a family of malware aimed at stealing log-in information related to banks.
When clicked, the links redirect a user to a commonly used .cmd file hosted at Dropbox. Accompanying this message is a link to another document that is purportedly hosted at Google Docs but is essentially a fake form created to collect names and e-mail addresses of new victims.