It was only a matter of time
Last fall, AGBeat predicted that phishing scammers would discover Pinterest, and it appears that day has arrived. Phishing is when an internet scammer uses a survey, quiz, free offer or other lure to get you to what typically looks like a legitimate website, where users hand over email addresses or other personal information that the scammers then use to acquire credit card details, passwords, usernames and more.
In high school economics class, we all had to repeat “tin-staff-full” over and over in a week devoted to the economic (and psychological) concept of TINSTAFL (there is no such thing as a free lunch), which repeats in my head at least weekly – it was ingrained in us as teenagers that there is always a catch. Rolex is not going to give you a watch in exchange for your email. Ever. A phisher will take your personal and financial information in exchange for your email. TINSTAFL. Chili’s is not going to give you a $50 gift card for taking a quick survey without showing you a ton of fine print, and likely entering you into a drawing. Boom: TINSTAFL.
Anatomy of the scam:
Now, when you go to Pinterest, you’ll be met with well-meaning people sharing that Starbucks is giving away free gift cards to Pinterest users. It looks legitimate, but when you visit the site, it is a knock-off that collects your information as part of a scam. These scammers are prevalent on Facebook, and when spam messages arrive that appear to be from friends, most users have learned to spot a scam and realize that clicking on a suspicious link can get their financial data stolen and abused.
Pinterest is no less vulnerable than Facebook or Twitter, and suspicious links should never be clicked. Remember, TINSTAFL. If you click on a pin to enlarge it, then hover over the photo, you will see the URL in the bottom left of your browser, and if it says anything other than Starbucks.com or Coach.com, move along; there is nothing safe to see here.
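The hover check above comes down to reading the hostname correctly, because a brand name can appear in a link without the link belonging to the brand. The following is an added example, not code from AGBeat or the Malware Blog; the `checkPinLink` function, the brand table and the sample URLs are constructed for illustration.

```javascript
// Added example: does a pin's destination really belong to the brand it names?
// The brand table and the sample URLs below are constructed, not taken from the scam.
const OFFICIAL_DOMAINS = new Map([
  ["starbucks", "starbucks.com"],
  ["coach", "coach.com"],
]);

// Returns { host, trusted, reason } for a link that claims to come from `brand`.
function checkPinLink(brand, link) {
  const name = brand.toLowerCase();
  const official = OFFICIAL_DOMAINS.get(name);
  if (!official) return { host: null, trusted: false, reason: "unknown brand" };
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return { host: null, trusted: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { host: null, trusted: false, reason: "not a web link" };
  }
  // hostname is lower-cased and excludes any "user@" prefix and port.
  const host = url.hostname.replace(/\.$/, "");
  if (url.username || url.password) {
    return { host, trusted: false, reason: "text before '@' is not the site" };
  }
  // Trusted only if the host IS the official domain or a subdomain of it.
  if (host === official || host.endsWith("." + official)) {
    return { host, trusted: true, reason: "official domain" };
  }
  if (host.includes(name)) {
    return { host, trusted: false, reason: "brand name inside another domain" };
  }
  return { host, trusted: false, reason: "unrelated domain" };
}

// Constructed sample links of the kind a pin might point to.
const SAMPLE_PINS = [
  ["Starbucks", "https://www.starbucks.com/card"],
  ["Starbucks", "http://starbucks.com.free-giftcard.example/survey"],
  ["Starbucks", "https://starbucks.com@survey.example/win"],
  ["Coach", "https://notcoach.com/"],
];
for (const [brand, link] of SAMPLE_PINS) {
  const verdict = checkPinLink(brand, link);
  console.log(verdict.trusted ? "OK  " : "SKIP", verdict.host, "-", verdict.reason);
}
```

Only the first sample passes: in the others the brand name appears in the link, but the part of the hostname just before the first slash belongs to someone else.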
Just like on Facebook – spotting suspicious links
Abigail Pichel at TrendLabs' Malware Blog writes, “It’s the same attack we’ve seen before, but on a different social media site. Cybercriminals use names of legitimate brands to convince users to either click a link or visit a particular site.”
Pichel noticed that the following two pinned images lead to the same phishing scam via a survey site:
Remember, TINSTAFL, but if that doesn’t stick, here are guides from the Malware Blog on threats to social networks that apply not only to Pinterest, but Twitter, Facebook and others:
- How Social Engineering Works
- A Guide to Threats on Social Media
- Spams, Scams and Other Social Media Threats
- Shedding Light on Social Engineering Schemes