Cybercrook’s motto: we’re interested in your interests… and how to make money off them.
What are you interested in? Books? Travelling? Design? Interior decorating? Cooking? Geek stuff? Maybe all of the above and more? Want to find new friends with the same interests? Then Pinterest might just be the place for you. On this social network you can create a profile of personal interests, and talk with other people about them. Sharing your enthusiasm for something only makes it more exciting!
But as history has demonstrated with other social networks, social buzz and activity is what draws cybercrooks’ interest. And although Pinterest is not yet as “populated” as Facebook it shows a huge popularity potential. Which is exactly what cybercrooks leverage to make their internet security scams successful. As always, their gain is dirty money.
Pinterest – strengths and weaknesses
The Pinterest interface is very intuitive. With tens of eye-catching photos and engaging, in-your-face comments, it’s no wonder that users are drawn to it, over and over again, like bees to honey. Also, the simple mechanism of just creating a board on your profile and pin photos and YouTube videos you find all over the web to it, makes it a sharing heaven – not only for you, but for crooks as well. They can exploit these “strengths” to steal your sensitive data and identity.
So, the most common internet security scams you might fall for on Pinterest are survey and phishing scams.
Anatomy of a Pinterest scam
On Pinterest it’s harder to spot internet security scams, precisely because of their simplicity. Users just have to click on a photo or re-pin it, and voila: their internet security is compromised. Sounds scary? Here’s how a phishing scam usually works:
- Cybercrooks create an ad for some freebie and post it all over Pinterest. For example: “[Company Brand] is giving away free gifts/giftcards to all Pinterest users! Click here [link] to get yours.”
- Driven by excitement, you click on the link to the respective webpage, which in fact is a phishing site.
- The first thing you’re asked for is to re-pin the photo – this helps spread the scam.
- Then, you’re asked to complete a survey with your personal details. Some scams require you to sign up for a service or enter your shipping details (address) to receive the gift. Either way, the cybercrooks get paid with every completed survey. And obviously, the promised prize will never reach you.
Companies whose brands have been used, so far, to lure users into clicking and re-pinning the fake ads are Starbucks, Coach and even Pinterest. As a matter of fact, the Pinterest name has also been used in phishing e-mails and even a mobile security scam involving a fake Pinterest app for Android. It has also been target to spam – posting and re-pinning an ad for a questionable product and service over and over again.
Noteworthy is the fact that crooks don’t exploit vulnerabilities in the network, just your interests and trusts.
How to avoid a Pinterest scam
- If you see an alluring ad posted all over your Pinterest interface, it’s probably spam or part of an internet security scam. Don’t click on any photo promoting a too-good-to-be-true offer – even if it looks as though it was made by a famous company.
- If a friend of yours re-pins a tempting ad, it doesn’t necessarily mean it’s legit – especially if it asks you to fill in surveys or give away personal information. Your friend might have fallen for a scam. So don’t click on the ad and give your friend a heads-up.
- Always have an internet security suite that including an Antiphishing tool that protects you against phishing attempts. BullGuard Internet Security 12 comes with such a feature, in addition to a proactive antivirus that spots even the newest forms of malware, and several other internet security features that offer you complete protection.
- And don’t forget – cybercrooks’ find their money where you find your interests!