The Inquirer-Home

Lack of verification leads to Bank of America Google+ prank

Updated Google fails to consider security implications
Tue Nov 15 2011, 14:21

JACK OF ALL TRADES Google recently launched a Pages features for its social network Google+, but the lack of a verification system has led to hackers creating a false Bank of America page.

The page found by Sophos Security includes a description, "We took your bailout money and your mortgage rates are going up," and, "We are committed to making as much money as possible from usury, coercion, bribery, insider trading, extortion, and debit card fees as possible."

Aside from the significant negative publicity for Bank of America, the page is relatively harmless, but it does highlight a notable flaw in Google's page policy. The lack of verification for big names means that users could be tricked into believing that a fake page is genuine.

This might not seem like a major problem at first, but with the rise of malware on social networks it could become a significant threat. For example, if the person or people behind the Bank of America page decided to pretend to be the real deal, instead of making it obvious that it was a fake, it could have linked people to web sites filled with malware, which users looking for the real Bank of America page might have clicked on.

Of course, Google cannot force people to verify every single name of a person or group, as this would become exceedingly tedious, but it can do something like Twitter does with its verified accounts, which, in the case of celebrities, public figures, and well-known companies, would help users differentiate between the real and the fake.

Google+ launched earlier this year without a Pages feature, for which many people slated it, given that this was a popular element of Facebook's empire. While Google finally launched this feature last week, it seems that it didn't take the time to consider the potential security implications of not having any form of verification in place.

Update:
"Verification badges are designed to help our users find what they're looking for by ensuring that people, brands and businesses that are subject to broad-based impersonation are protected," Anoek Eckhardt, a Google spokesperson, told The INQUIRER. "Since this is primarily a security mechanism, there's no way to apply for a verification badge. If we think you or your page might benefit from a badge, we'll reach out directly to verify you." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Masque malware is putting iPad and iPhone user data at risk

Has news of iOS malware made you reconsider getting an iPhone?