As Pinterest, the "virtual corkboard," picks up steam, cyber attackers have begun tainting the site with malicious ads. The social networking site du jour lets you clip pretty images from around the Interwebs and pin them to your virtual corkboard, which you share online. Another member looking at your Pinterest board can click into your pinned images and get redirected to the original site. As with Facebook, Google+, Twitter, and other sites targeted by cyber attackers, Pinterest offers a false sense of legitimacy: if a survey promising free Starbucks is on your friend's board, surely it's safe, right?
The Pinterest scams draw your attention with freebie offers or enticing photos. Clicking on them automatically redirects you to a phishing site where you enter personal details into legit-looking surveys. Of course, you'll never receive the promised goods, but the scammers will use your personal details for more nefarious purposes. Trend Micro blogged about the Starbucks and Coach scams, while Symantec found offers for red velvet cake.
How are these ads spreading? Pinterest users themselves. The first step in all these scams, said Ben Greenbaum, a senior principal software engineer at Symantec, is that the victim has to pin it onto their friends' corkboards. However, as Symantec noted in its blog post, the scammers couldn't quite get the replicating code to work. "This isn't a technologically sophisticated hack, there's no vulnerability within Pinterest making it work. Like every social engineering scam it involves scammers taking advantage of people's trust," said Greenbaum.
Complicating matters for you, dear Pinterest member, is that advertising is allowed on the site, although the company does not take responsibility for malicious ones. So how can you avoid this? Symantec offers two words of advice. The first is a healthy dose of skepticism. "If an ad asks you for personal identifying information, it's probably not legitimate," Greenbaum said.
The second is to install a security suite with an antiphishing component, so that if you accidentally click on a phishing link you'll get a warning. Symantec's own Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars) suite consistently blocks phishing sites better than almost all the rest. Of all current suites only Bitdefender Total Security 2012 ($79.95 direct for three licenses, 4 stars) has beaten Norton. For more on Pinterest, see our full review. If you're already a member, be sure to follow PCMag’s Pinterest boards. For more from Sara, follow her on Twitter @sarapyin.