Sheee....eeessshhh! - Eva Glass
|
|
|
Lack of verification leads to Bank of America Google+ prank
JACK OF ALL TRADES Google recently launched a Pages features for its social network Google+, but the lack of a verification system has led to hackers creating a false Bank of America page.
The page found by Sophos Security includes a description, "We took your bailout money and your mortgage rates are going up," and, "We are committed to making as much money as possible from usury, coercion, bribery, insider trading, extortion, and debit card fees as possible."
Aside from the significant negative publicity for Bank of America, the page is relatively harmless, but it does highlight a notable flaw in Google's page policy. The lack of verification for big names means that users could be tricked into believing that a fake page is genuine.
This might not seem like a major problem at first, but with the rise of malware on social networks it could become a significant threat. For example, if the person or people behind the Bank of America page decided to pretend to be the real deal, instead of making it obvious that it was a fake, it could have linked people to web sites filled with malware, which users looking for the real Bank of America page might have clicked on.
Of course, Google cannot force people to verify every single name of a person or group, as this would become exceedingly tedious, but it can do something like Twitter does with its verified accounts, which, in the case of celebrities, public figures, and well-known companies, would help users differentiate between the real and the fake.
Google+ launched earlier this year without a Pages feature, for which many people slated it, given that this was a popular element of Facebook's empire. While Google finally launched this feature last week, it seems that it didn't take the time to consider the potential security implications of not having any form of verification in place.
Update:
"Verification badges are designed to help our users find what they're looking for by ensuring that people, brands and businesses that are subject to broad-based impersonation are protected," Anoek Eckhardt, a Google spokesperson, told The INQUIRER. "Since this is primarily a security mechanism, there's no way to apply for a verification badge. If we think you or your page might benefit from a badge, we'll reach out directly to verify you." µ
Tags: Security
Share this:
Share
The Google page has a verified button, but I could not find one on the pages for any other big names, including Apple, IBM, Microsoft, HP, BBC, etc.
For people the only verified page I could find was for Madonna. The official page for Michael Jackson was not verified, nor was there a verified one for The Beatles. There were several pages for Lady Gaga, but none that were verified, making it impossible to tell which one, if any, is official.
I also created my own page and it did not require me to verify. Even The INQUIRER's Google+ page required no verification.
So, while I agree that it does exist, it appears to be not implemented in the vast majority of cases, making it pretty useless.
We have contacted Google for information on its verification policy and why so few are using it.
The whole creepy thing about google+ is that your MUST use your real name, and the inq put up articles on the subject.
It was also mentioned that at first they wanted you to proof it but that became a bit of a hinder to growth so they slacked on that immediate requirement, and the inq said they did do a check for big names though I think to recall.
They DO have verification. And the page isn't verified. I wouldn't be nitpicking at that if you didn't put it in the title of the article.
Perhaps you mean a "better implementation of verification" is a required, but to say they don't have verification is an definite lie. They have it for pages and for people.