Spammers have jumped on the latest social media craze: the photo sharing site Pinterest. And they’re being helped out by new, automated spam toolkits designed to exploit the fast growing new social network.

As Threatpost has reported, spammers have figured out ways to use Pinterest to drive traffic to scam Web sites that push online surveys and other advertisements to visitors. Now researchers at McAfee report that spammers are being aided by a slew of new tool kits that automate Pinterest spam runs.

Writing on the McAfee Labs blog on Monday, researcher Hardik Shah reports that McAfee researchers have found toolkits for sale online that allow even unsophisticated users to launch Pinterest spam campaigns.

The campaigns used lures such as offers for free gift cards, or “shocking video.” Upon clicking on the URLs, victims are directed to Web sites that the attackers are promoting. Some are legitimate sites looking for referral traffic, others are survey Web sites that pay the scammers for each completed survey. Still others send premium SMS messages being sent by the victim’s phone.

The tools, which are for sale on spamming forums, provide ready made scripts that allow users to create their own scams by modifying text values within the scripts. In one scam, the victim are tricked into visiting a Website that displays a pop-up message saying the image the user wants to view is “locked content,” and requiring them to click the Pinterest “Pin It!” button to unlock the content. Users can use it to promote the addresses of a variety of Web pages and push the Pinterest user to a survey Web site.

The toolkits also contain features for automating Pinterest “follows” and comments across a wide user base.
McAfee advises Pinterest users to protect their account credentials, avoid tantalizing offers like “free gift cards” on Pinterest, and to show extra caution that asks you to “Pin” an image before you have viewed it.

Categories: Cloud Security, Mobile Security, Social Engineering, Web Security

Comment (1)

  1. Anonymous
    1

    Most of the advise that is being said is stuff that has already been said about other social media. It’s common internet savy advice. It’s just to bad that when the newest social media fad comes out users forget all about these tips and then wonder why their machines are infected or why their identity was stolen.

Comments are closed.