Social networking sites have changed the way we do business and this is especially true if you are in the business of cybercrime. Cybercriminals have long focused on social networking sites to target consumers and these sites provide the perfect breeding ground for ‘social engineering’ attacks, whereby users are tricked into disclosing confidential information or downloading malware.
This is because social networks, by their very nature, make it easy for fraudsters to access personal information including details of friends, social events, interests and hobbies. Fraudulent posts or messages entice readers to open them by referencing a friend, or a claiming to link to photos from a recently attended event.
Scammers have consistently used this type of information to propagate targeted attacks on Facebook and Twitter and given the explosive introduction of Pinterest, it's on surprise that the new social media darling is now squarely in the sights of cybercriminals.
Earlier this year, Pinterest fast became one of the fastest growing social media sites to ever hit the web, attracting more referrals than Google , YouTube and LinkedIn combined. There are now over 10 million active users and numbers will continue to grow. Pinterest allows users to create virtual corkboards, pin content from other external Web pages onto these boards, and then share their boards with others. Scammers are already exploiting Pinterest users by posting images and links to fraudulent ‘survey scams’. These scams entice consumers with free gifts, based on the interests of the users in question.
Pinterest users who click on survey scam links are taken to malicious websites. These sites often require users to re-pin onto their own Pinterest board, helping to spread the scam. After re-pinning, the user is redirected to survey scam pages which ask the user to sign-up for subscription services, reveal personal information, or even install unwanted executables.
Some of the Pinterest scams Symantec has recently analysed lead to cost-per-action (CPA) based networks. For each successful click through the scammer makes between one and 64 US dollars – some scammers could be earning a few hundred dollars each day from these scams.
To avoid being targeted by Pinterest scams, consumers should be wary of surveys offering gifts that seem too good to be true and should not re-pin such content. Pinterest users should also review their boards and remove pins that could be related to this type of scam. Additionally, they should remember that social media sites will not request credit card information, login information or other personal details over unsolicited pop ups or emails. Finally, consumers should use up to date antivirus products which will shield them from this type of threat.
Craig Scroggie is Vice President and Managing Director for the Pacific Region operations of Symantec.