Google includes a Report Abuse link on every displayed form, but it takes time to respond, verify, and deny future access to the form. In that interlude, thousands of more victims may have been tricked into providing their confidential information.
The new Google+ service is already being used by spammer. In this case, the criminals aren't using Google's service at all; they are simply crafting very realistic Google+ invitations that, if clicked, will take the unsuspecting victim elsewhere. Part of what makes Google+ frauds easier to pull off is that both the real and fraudulent emails come from no-reply sender email addresses. This means that spammers don't even have to take the additional step of sending from a valid email address.
Many readers are probably already aware of these new spamming and phishing attacks, but I bet many others aren't. Consider this your wake-up call that a new attack paradigm is out there, and vendor defenses either aren't in place yet or aren't very sophisticated. Right now, until our traditional antispam and antiphishing tools come up to date on these avenues of attack, we defenders are left with our own homegrown custom protection and end-user education.
The phishing war moves on. Are you prepared?
This story, "Spammers exploit the Google cloud to dupe victims," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.