Pinterest Under Siege By Scammers

Have you joined the Pinterest revolution yet? Pinterest is the hottest new thing on the social networking scene. It’s so hot that it has drawn the attention of scammers and malware developers, who see it as fertile ground for finding unwary victims.

Pinterest is a virtual pinboard. It is essentially a means of categorizing and bookmarking visually. Where in a traditional Web browser you might bookmark a really cool classic car, or a recipe for a drink that sounds delicious, with Pinterest you “pin” thumbnail images of the things you like.

Pinterest is also a social network. You can search the various pins and pinboards across all of Pinterest, or follow the pins of other users, such as friends, family, or just people who seem to pin a lot of things you find interesting.

The visual appeal of Pinterest is obviously powerful--as evidenced by the rapid growth and popularity of the service. Hot websites and services attract cyber attackers as well, though, and Pinterest is a particularly easy target due to the nature of the site and the interactions between users.

There are a few things you can look for to try and avoid Pinterest attacks and scams. First of all, if you search for a specific term and you see the exact same image pinned and repinned an inordinate number of times, it is probably malicious. Certainly there are popular images, clothing, recipes, etc. that do get repinned by others, but it is suspicious if the exact same image shows up as 10 of the top 20 pins of your search. That much activity suggests it is being repinned automatically by some sort of malicious toolkit to plant as many links to the attack as possible.

You should also avoid shortened URLs. Pinterest is twice as tricky, and therefore twice as easy to manipulate, as a normal website. Users are clicking on thumbnail images without really knowing where they lead in the first place. It often takes an extra click on the destination post or image to get to the real details such as the recipe or blog post being referenced by the image. Above the image you will see the URL it links to, though, and if it’s an unrecognized or shortened URL you should avoid it.

Another thing you should run away from is any pin that requires you to repin the material before you are allowed to click through for the details. For example, if you click on an image of a meal that looks tasty, and you then click again to try to get the recipe for that meal and you get a message directing you to first repin the image in order to gain access--don’t. This is a common tactic used to get Pinterest users to compromise their systems with malware and perpetuate the attack to others.
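The three warning signs above (one image dominating the search results, shortened link URLs, and repin-before-you-click prompts) can also be checked mechanically. The following Python is an added example, not code from this article or from Pinterest; the pin record fields (`id`, `image_hash`, `link`, `caption`), the shortener host list, the caption pattern, the `min_repeats` guard and the sample data are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed, non-exhaustive list of URL-shortener hosts; extend as needed.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
# Assumed wording for "repin before you can see the details" prompts.
REPIN_GATE = re.compile(
    r"\bre-?pin\b.{0,40}\b(first|before|to (see|get|view|unlock|access))\b", re.I)

def review_pins(pins, top_n=20, dup_ratio=0.5, min_repeats=3):
    """Return {pin id: [reasons]} for the first top_n search results."""
    top = pins[:top_n]
    counts = Counter(p["image_hash"] for p in top)
    # The article's rule of thumb: one image filling 10 of the top 20 results.
    # min_repeats (an assumption) keeps very short result lists from tripping it.
    threshold = max(min_repeats, dup_ratio * len(top))
    findings = {}
    for p in top:
        reasons = []
        if counts[p["image_hash"]] >= threshold:
            reasons.append("duplicate-image")
        host = (urlparse(p["link"]).hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if host in SHORTENER_HOSTS:
            reasons.append("shortened-url")
        if REPIN_GATE.search(p.get("caption") or ""):
            reasons.append("repin-gate")
        if reasons:
            findings[p["id"]] = reasons
    return findings

# Constructed sample: 20 search results, not real Pinterest data.
SAMPLE = (
    [{"id": i, "image_hash": "h-same", "link": "http://bit.ly/constructed",
      "caption": "Free gift card"} for i in range(10)]
    + [{"id": 10 + i, "image_hash": f"h-{i}",
        "link": f"https://blog{i}.example.com/recipe",
        "caption": "Dinner idea"} for i in range(9)]
    + [{"id": 19, "image_hash": "h-gate", "link": "https://food.example.org/post",
        "caption": "Repin this first to get the recipe"}]
)

if __name__ == "__main__":
    for pin_id, reasons in review_pins(SAMPLE).items():
        print(pin_id, ", ".join(reasons))
```

A flag here is a reason to look closer before clicking, not proof that a pin is malicious; popular images do get repinned legitimately.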

Savvy attackers will always identify the weaknesses of a valuable target and find ways to exploit them. With Pinterest, though, it has gotten to the point where the technically adept attackers have developed automated toolkits that enable even novice attackers to implement scams and attacks on Pinterest with ease.

The sky is not falling and you don’t need to shut down your Pinterest account. Just be aware that Pinterest is under siege by scams and malware attacks, and use a hefty dose of cautious skepticism before clicking on things.
