Brandjacked! Fake Google+ Page Insults Bank of America

Social media fail or fraud?

A Google+ page that appeared to be the online home of Bank of America has for the past seven days advertised the company's "new" slogan: "We took your bailout money and your mortgage rates are going up."

The page was a fraud, of course -- but a fraud the giant bank has allowed to exist for the past week, since Google unveiled pages for businesses and products on its new social network. How such a thing could slip past the attention of the country's second biggest bank by assets is anyone's guess, said Chester Wisniewski, a senior security adviser for security firm Sophos Labs.

"An organization the size of Bank of America you would expect would be very protective of their brand," Wisniewski told

"It's just kind of common practice in most organizations to do that these days. I just find it amazing for this to go on for week and them not to notice," he said.

The no-longer-available page was clearly a satire of the giant bank, possibly one created by the "Occupy" protesters or the hacker group Anonymous, Wisniewski suggested. And the mocking posts on the page are obviously not from the real bank.

“Starting tomorrow, all Occupy Wall Street protestors with Bank of America accounts around the country will have their assets seized as part of BofA’s new Counter-Financial-Terrorism policy,” reads one post from Nov. 8. “You will sit down and shut up, or we will foreclose on you.”

But the page highlights the challenges banks and brands face keeping pace with changing world of social media. How to police the entire social web?

To aid them, when Google unveiled the new products pages on Nov. 7, it also unveiled a verification feature: Just look for the checkmark next to a name.

Bank of America's new page is verified … but not all sites have that mark. For example, Citibank's Google+ page isn't verified.

And that lack of security means it's easy for hijackers to create parody pages or worse -- phishing pages that exactly imitate real pages with the very real goal of fraud.

"This type of thing could be used to spread malware," Wisniewski warned.

But brandjacking alone does damage to a company's reputation, and the attackers clearly put in effort painting Bank of America in a bad light over the course of at least 10 articles, which say things like:

"Living under a tarp? I am too. My TARP is much bigger, however, and billions of dollars more expensive."

Wisniewski labeled the entire incident an eye-opening lesson in social media.

"I found it really bizarre. I don't know what else to say," he said.