Pinterest, the popular image-based social network with approximately 13 million users, has recently captured the attention of some unwanted users – cybercriminals. Unfortunately, according to Trend Micro, scammers have descended on the popular network and are promising Pinterest users free gift cards and merchandise in exchange for re-pinning an image and completing an online “survey.”
When a Pinterest user clicks the bogus free giftcard or merchandise pins (i.e. the Starbucks pins in the image above), the user’s browser is redirected several times and will eventually land on a “survey” site. The survey site promises the user a free gift in exchange for sensitive information. In addition to phishing, the free survey will also encourage the unknowing user to re-pin the image.
Although the scam was designed to look like a legitimate promotion, users should always exercise extreme caution when entering personal details and information in exchange for a free gift. In addition, Pinterest users should ensure that the web address or URL of the site collecting data aligns with the offer they were previously served. If a user clicks on an offer for a free Starbucks gift card and lands on a web address other than Starbucks, it is likely that the offer is a scam. Currently, Starbucks, Cheesecake Factory, and Coach are a few of the prominent companies that have been targeted by the cybercriminals.
The computer security firm Trend Micro said the following regarding the scam in a recent blog post:
“It’s the same attack we’ve seen before, but on a different social media site. Cybercriminals use names of legitimate brands to convince users to either click a link or visit a particular site.”
Since the Pinterest network is based on the premise of people posting images that link to other websites, it is going to be difficult to prevent legitimate users from this sort of scam moving forward. However, as the social network continues to grow, the security approach and methods will undoubtedly improve and make it more difficult for the scammers to take advantage of unsuspecting users.
[Sources Include: Trend Micro Blog & VentureBeat; Image by: Trend Micro Blog]