Why you shouldn’t trust Google+ Verified Accounts

Google+ verified accountGoogle may have started to roll out verification badges for celebrities and public figures who have Google+ accounts. But, unfortunately, it’s not going to close the door to fraud on the fledgling social network.

The idea is to make it easier for members of the public to tell if they’re the person you’ve added to a Google+ circle is the real Dolly Parton, the real Britney Spears or the real Alyssa Milano.

According to a Google+ post by Googler Wen-Ai Yu about the initiative, verified accounts have a grey checkmark next to their name. Rolling your mouse over the tick, shows that it is a “verified name”.

So, for instance, Britney Spears now has a verified account on Google+ (I’ve added the helpful red crayon):

Sign up to our free newsletter.
Security news, advice, and tips.

Official Britney Spears Google+ account

Whereas this unofficial Britney Spears account doesn’t:

Fake Britney Spears Google+ account

What is far from clear is how the verification system works, and what hoops celebrities and public figures need to jump through to convince Google+ they are who they say they are. Furthermore, there are no signs yet that the system is going to be rolled out to the general public anytime soon.

It looks like it’s going to be a case of “If you are a Google employee or if you’ve got enough celebrity or social media clout, then you may be able to get verified – otherwise.. tough”.

But there’s a bigger problem.

Google+ is following in Twitter’s footsteps regarding a way to verify the accounts of public figures and celebrities.

A “Verified Account” badge only tells you that it’s the official Google+ page for that person. Importantly, it doesn’t tell you that it really was that individual that wrote the message you just read.

It won’t stop celebrity Twitter users from choosing dumb passwords, or being careless with their credentials.

Poor Britney Spears and Lady Gaga, for instance, are just a handful of the celebrities who have had their verified Twitter accounts compromised in the past.

Britney Spears has her Twitter hacked

And if Google+ does eventually roll out verified accounts to the great unwashed public, remember this. If it’s your (non-celeb) friend or family member who has their Google+ account commandeered by hackers you’ll be just as susceptible as ever to believing their posts to be true and in danger of clicking on their (potentially malicious) links.

None of this is to say that Google+’s verified account facility is a bad idea. It’s just not as much of a security fix as some folks might hope.

All it does is tell you who the account belongs to, not who posted the messages to it.

If you’re on Google+ and want to find out more about security threats, why not add Naked Security to your circle? Sorry, but not being celebrities, it’s an unverified account. :)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.