Pinterest has exploded onto the social networking scene as the new hot thing to do. Beware what you click on or pin, though. The skyrocketing popularity of the site isn't lost on cyber criminals, and the very nature of the site makes it ripe for exploitation by online scammers.
At the root of the issue is that Pinterest is built on a behavior that is generally frowned upon from a security perspective - clicking on things. Users pin linked images to virtual corkboards, and followers click on the images/links to see what all the fuss is about, and perhaps re-pin them to their own Pinterest boards.
So, what happens when someone inserts an image linked to a malicious script or site? According to Symantec, survey scammers have discovered the wonder of Pinterest, and have begun to take advantage of it.
Survey scams usually come with the promise of some reward - "just take 30 seconds to complete our survey and we'll reward you with a $100 gift card." If a Pinterest user takes the initial bait and clicks on the image, he or she is redirected to an external website, and that is where the "fun" begins.
First, these scams typically require that the user re-pin the image to their own Pinterest boards before they can access the survey and earn the reward. Re-pinning the image helps propagate it to a wider audience of Pinterest users, who will likely click on the image as well because the person re-pinning it is a person they trust. Rinse and repeat as those users click through and also re-pin the image to participate in the survey themselves.
Eventually, the scam will ask the user to complete a survey, or register for something, or share personal information, or some other shady thing the Pinterest user should not be doing. According to Symantec, the scams are typically tied to some sort of cost-per-action based compensation network. Each duped Pinterest user represents somewhere between one and 64 dollars.
These attacks may be new to Pinterest because Pinterest itself is new. But the concept of survey scams and other phishing attacks is certainly nothing new. The same security practices and common sense that shield users from attacks on Facebook, or Twitter, or the Internet at large apply on Pinterest as well.
Simply put - don't click on anything if you don't know what it links to. Granted, as mentioned earlier, that's virtually impossible on Pinterest. The whole point of Pinterest is to share things visually, and click on stuff in order to find out what it is.
But users should still exercise some cautious skepticism and be careful. When a link starts taking you to sites that seem shady, or that demand you re-pin the image as well, as a condition of learning more, that should be an automatic red flag.