Cyber criminals surfing the Google Wave

Google Wave

Cyber criminals are targeting people interested in Google Wave with email scams and websites filled with affiliate-based advertising.

Security analyst Rik Ferguson told IT PRO that he first noticed a scam on Twitter. Users that click the link were sent to a website that promised a Google Wave invite within the hour, but only if they gave up their Twitter username and email address.

The site had the domain name, which wasn't a real Google address but would be capable of fooling some people.

Ferguson noticed users on the Google Wave support forum were worried about similar activity, highlighting a scam which took a user through pages of special offers before they were invited to surrender details.

Ferguson said that the simple message for people looking for Google Wave was that they couldn't really expect organisations or people who weren't in the position to offer the invite to be able to provide it.

"These are completely independent websites, not affiliated and not sanctioned, clearly with their advertising agenda," he said.

"Whether it's Google Wave, or something else that you really want, don't be taken in by false promises because that's really all they are. Google Wave is all about community and collaboration," Ferguson said. "If you have a friend who gives you an invite and you don't know anyone who's using it, then you're going to get very limited value out of it."

Security firm Websense also noted that Google searches on terms related to Google Wave were leading to rogue anti-virus, thanks to criminals using SEO poisoning techniques.

The tactic isn't new, as criminals targeted Snow Leopard when it came out last month.