Beware of Google Plus Fake Sign Up Page!

Aug 25, 2011
I have not yet found any reports of victims whose Google usernames and passwords were stolen by hackers through phishing techniques. But I have found a blog that discusses how to create phishing pages for the Google Plus sign-up. For security reasons, I will not share the website address here.

The technique works by sending you a Google Plus invitation e-mail containing a link to the Google Plus sign-up page. But that link has been replaced with one to their own fake Google Plus page, and as soon as you log in from that page to create a Google+ account, they get your e-mail ID and password.

As you know from my previous post, this situation is caused by the Google+ invitation-only system, which is being exploited by irresponsible people. They are using the Google+ hysteria to hijack the Google accounts of novice users by sending Google Plus invitations. It is a crime!

Here are some tips to avoid the hijackers:


  1. Every time you receive an e-mail, make sure the sender's e-mail address is from noreply-...@plus.google.com.
     [Image: Google+ valid sender e-mail address]
  2. But that is not enough, because it is easy for hackers to change the sender address so that it looks like it uses the Google+ domain. So, second, look at the link behind the red "Join Google+" button. Just hover over it and look at the bottom bar of your browser. If it points to https://plus.google.com/_/notifications/emlink?emrecipient... you can trust it.
     [Image: Google+ valid join link]
  3. After you click that link, re-check that the address bar still shows Google's secure domain, https://www.google.com/..., and not another one such as http://xxx.tk/ or http://xxx.co.cc/.
     [Image: Google+ valid sign-up site address]
  4. The invitation might not always come through e-mail; it can also be sent as a direct link. So if somebody gives you an invitation link, be sure it uses the prefix:
    https://plus.google.com/_/notifications/ngemlink?path=...
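
The link checks from the tips above, written as a short Python example added here (not code from the original post): it compares the parsed hostname exactly instead of trusting how the URL begins, because a string that starts with https://plus.google.com can still point at another host. The function names and the sample e-mail body are constructed for illustration; the host and path prefixes are the ones given in the tips.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

INVITE_HOST = "plus.google.com"
INVITE_PATHS = ("/_/notifications/emlink", "/_/notifications/ngemlink")


def is_trusted_invite_link(url):
    """True only for https links whose exact host and path match the tips."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    # Require https, and refuse any "user@" part placed before the real host.
    if parts.scheme != "https" or "@" in parts.netloc:
        return False
    # Compare the whole hostname, not a prefix of the URL string.
    if (parts.hostname or "").lower() != INVITE_HOST:
        return False
    return parts.path.startswith(INVITE_PATHS)


class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)


def suspicious_links(html_body):
    collector = LinkCollector()
    collector.feed(html_body)
    return [u for u in collector.links if not is_trusted_invite_link(u)]


# Constructed sample body: one link that matches the tips and three that do not.
SAMPLE_EMAIL = """
<a href="https://plus.google.com/_/notifications/emlink?emrecipient=1">Join</a>
<a href="http://xxx.tk/signup">Join</a>
<a href="https://plus.google.com.xxx.co.cc/_/notifications/emlink">Join</a>
<a href="https://plus.google.com@xxx.tk/_/notifications/emlink">Join</a>
"""

print(suspicious_links(SAMPLE_EMAIL))
```
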

One more thing: to avoid these hijackers, always check the URL of any site that asks you to log in with your Google, Twitter, Facebook, Yahoo or other online account. Remember that a legitimate site will use the API and never ask for your username or password in the first place.

In some cases you can also see that the web address of a site is different from, and not part of, the host service; in that case there is a high chance that you are being targeted by a hijacker or spammer. Suspicious third-party sites are another way for hijackers to gain control of your account.

I hope this helps you. And don't forget to tell your friends, colleagues and family members. Let's build a safe internet together!