We’ve known for a while that spam was jumping on the Pinterest train. Now, security software service McAfee is sending out an official warning to keep an eye out for fraudulent pins.
According to McAfee, hackers have created entire toolkits that make it fast and easy to deploy new spam campaigns on the social network. Pinterest displays “pins,” or images taken from around the Web, to a “board.” These images are outbound links to various websites, and are ripe for exploitation.
“These tools are so easy that many require only the attacker or scammer to change a couple of lines of code in the available kit,” said McAfee senior research engineer Hardik Shah in a blog post. “They can literally start a new Pinterest scam within minutes!”
The toolkits come with software that has the ability to “mass-like” pins, add an account creator, mass-follow people, automate fake commenting activity, and more. These toolkits have been behind much of the malware distribution in 2011. They allow hackers/scammers to automate the process of creating unwanted content (see: Internet-crap & spam), and then distribute it.
We found a scam on Pinterest in early March that showed a picture of a Cheesecake Factory coupon, promising free gift cards to all users. Scams are often touted as a “Pinterest special,” available only for users of this special, new social site. And because it is a special, new social site, people believe the fake offer. Many of these scams also ask a user to “re-pin” the image first (broadening the circle of lies), and will then prompt that user to take a survey. This kind of activity falls in line with phishing scams, as opposed to malware attacks.
McAfee warns that if a website asks you to re-pin before delivering the content, it’s most likely a scam. The security firm also makes the point that Pinterest users should beware of affiliate link spam, which is when scammers lure bystanders to an Amazon page that is associated with the scammer’s account. When that person subsequently buys something on Amazon, the company pays a commission to the scammer.
Beware of pins that lead you to website that masquerade as Pinterest as well. These will try to push the same, “You won this contest!” type of pin, and they are generally fake.