Pinterest gift card scam is testing the water

Pinterest lets you organise and share things you find on the web. It’s a virtual pin board of your online and offline life. Pinterest’s goals are to connect everyone in the world through the ‘things’ they find interesting. Someone who uses Pinterest is called a ‘Pinner’. The picture-based service has though become a target for scammers and fraudsters recently.

Twitter (malicious URLs) and Facebook (install an app or follow a malicious URL) are well known targets, but Pinterest hasn’t had the same attention until recently. Pinterest (Facebook and Twitter also see this pattern) however have only seen survey scams which at first ask you to complete a survey, which in turn promises a discounted or free product or service. This is in return for your personal data (and maybe a malicious payload drop) of course.That personal data is then used to target that victim specifically as part of a spear phishing attack.

Spear phishing emails use your real name and email address and may well contain other data such as the bank you use. It’s all meant to make the email feel real. This attack pattern forms part of a much larger (global) financial deception plan orchestrated by criminal gangs.

A recent turn of events was spotted by friends of mine at BitDefender, whereby they saw some simple eye-catching photos (gift cards that led to quizzes) on Pinterest, which were being used to entrap a ‘Pinner’ to click and view a image/landing page via a URL. All the scammers wanted this time was access to your Pin. On another occasion the landing page may well carry a malicious payload. You have been warned. My advice here is to use a URL link scanner or download images into a sandbox (virtual drive). The files will be stored on a virtual drive and not within your operating system where it can cause havoc. Also, why not check out Sandboxie one of my favourite sandboxing apps – it’s free too!

As for what Pinterest offer in regards to reporting spam etc, they do have a spam reporting system built in to their website. To report a malicious Pin Image you will need to click on “Report Pin” from the right side of the malicious Pin image.You should see five options. Check the relevant option and click ‘report pin’. It’s important you let the Pinterest team know if you suspect a Pin to be malicious.

Safe surfing folks!

This entry was posted in anti-virus, browser, malware, privacy and tagged , . Bookmark the permalink.

3 Responses to Pinterest gift card scam is testing the water

  1. Lynn Garris says:

    I just received a message from twitter user @pinterest141 detailing a VISA gift card in exchange for filling out a Pinterest survey linked in the user’s profile. So it’s not only malicious pins on Pinterest itself that are vectoring these phishing attacks. (Pinterest’s official Twitter account is @pinterest)

  2. Pingback: Pinterest gift card scam is testing the water | News | IT Security Magazine - Hakin9

Leave a Reply

Your email address will not be published. Required fields are marked *