Application security, Threat Management

Pinterest’s popularity attracts cyber scammers

Pinterest is the latest social networking craze -- and that means cyber criminals aren't going to let you share images of your favorite summer sandals, button bracelets and vegan cupcakes in peace.

According to Symantec researchers, miscreants have begun flocking to the fast-growing virtual pinboard. Instead of posting images that lead to legitimate websites, these scammers are pinning alluring bait, such as offers claiming to give away a free $100 gift card.

Trend Micro researchers, meanwhile, have spotted the trusted Starbucks and Coach names being used in the ruses.

"If an unsuspecting Pinterest user clicks on the link for one of the scam images, he or she is taken to an external website," Symantec researcher Nishant Doshi explained in a blog post this week. "The website states that in order to take advantage of the offer, they must re-pin the offer onto their own Pinterest board. This helps propagate the scam, as it now gains further credibility by being posted by a trusted source. Some of the trusted source's followers subsequently fall for the same scam, then their followers as well, and so on."

Once the offer is re-pinned, users are then asked to click on a second link, which leads to an online survey that, if completed, makes money for the perpetrators

"Most scam pages ask the user to fill in surveys, sign up for subscription services, reveal personal information or even install unwanted executables," Doshi wrote.

While none of the ploys that Symantec witnessed appear to result in any malware being installed -- as has happened on other social networking sites like Facebook -- Doshi encouraged users of the barely one-year-old Pinterest, which earned 11.7 million unique visitors in January, to tread carefully.

"In light of these scams on popular social networking websites, we encourage users to avoid offers that appear too good to be true and not re-pin such content," she wrote. "We also encourage them to review their Pinterest boards and remove pins related to such scam surveys."

In addition, the site may be prone to vulnerabilities, according to a Feb. 29 Softpedia story, which chronicled a security researcher's discovery of at least two bugs that could lead to the takeover of users' accounts.

UPDATE: A statement from Pinterest said the company's engineers are working hard to fix security issues on the site and are finding ways to ensure that "fake or harmful content" doesn't make it on to public feeds.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.