It was only a matter of time
Last fall, AGBeat predicted that phishing scammers would discover Pinterest and it appears that day has arrived. Phishing is when an internet scammer lures you in with a survey, quiz, free offer or other way to get you to what typically looks like a legitimate website, wherein users offer up email addresses or personal information that is used to acquire personal information like credit card details, passwords and usernames, and more data that can be used by the scammers.
In high school economics class, we all had to repeat “tin-staff-full” over and over in a week devoted to the economic (and psychological) concept that TINSTAFL (there is no such thing as a free lunch), which repeats in my head at least weekly – it was ingrained in us as teenagers that there is always a catch. Rolex is not going to give you a watch in exchange for your email. Ever. A phisher will take your personal and financial information in exchange for your email. TINSTAFL. Chili’s is not going to give you a $50 gift card for taking a quick survey without showing you a ton of fine print, and likely entering you into a drawing. Boom- TINSTAFL.
Anatomy of the scam:
Now, when you go to Pinterest, you’ll be met with well meaning people sharing that Starbucks is giving away free gift cards to Pinterest users, and it looks legitimate, but when you visit the site, it is a knock off site that collects your information but is a scam. These scammers are prevalent on Facebook and when you get spam messages that appear to be from friends, most have become groomed to be able to spot a scam and realize that clicking on a suspicious link can get your financial data stolen and abused.
Pinterest is no less vulnerable than Facebook, or Twitter, and suspicious links should never be clicked. Remember, TINSTAFL. If you click on a pin to enlarge it, then hover over the photo, you will see the URL in the bottom left of your browser, and if it says anything other than Starbucks.com or Coach.com, move along, there is nothing safe to see here.
Just like on Facebook – spotting suspicious links
Abigail Pichel at TrendLab’s Malware Blog writes, “It’s the same attack we’ve seen before, but on a a different social media site. Cybercriminals use names of legitimate brands to convince users to either click a link or visit a particular site.”
Pichel noticed the following two pinned images lead to the same phishing scam via survey site:
Remember, TINSTAFL, but if that doesn’t stick, here are guides from the Malware Blog on threats to social networks that apply not only to Pinterest, but Twitter, Facebook and others:
- How Social Engineering Works
- A Guide to Threats on Social Media
- Spams, Scams and Other Social Media Threats
- Shedding Light on Social Engineering Schemes
Sheila Rasak
March 6, 2012 at 8:17 am
I’m going to keep this simple by merely stating that if it’s free…it costs too much.
Thanks for the warning!
Mike Bowler Sr (@MIrealestate)
March 6, 2012 at 6:26 pm
Come on, why pick on Pinterest, we all know, well some of us know all the social media sites run the same risk. I guess bad news sells. 🙂
Lani Rosales
March 6, 2012 at 9:38 pm
Mike, are you serious? The story above specifically notes that Pinterest is as vulnerable as any other social network, specifically Facebook.
Last fall, we had all of our credit and bank cards stolen and we lost thousands. Yes, we were able to recoup some of it, but we lost a lot of money, as purchases popped up all around the world by people who had physical replicas of our card. The banks and credit card companies see this so frequently, that they can’t even trace how or why or where it happens, so they simply try to get your money back. No telling what I clicked that caused it, because I’m on thousands of web pages every day.
So no, I’m not picking on Pinterest, I’m clearly one of the loudest Pinterest advocates in the nation, but I do think it’s appropriate to warn people that TINSTAFL, don’t you? Wouldn’t it be inappropriate to ignore the story as someone people look to for Pinterest advice? I think so.