Pinterest may have set the media abuzz at an interactive entertainment conference earlier this month, but according to online security firm, Symantec, scammers are also targeting the service to hook unsuspecting users with a survey based scam that could trick the unwary into giving out passwords, financial accounts and other sensitive details as well as installing malware on their PCs.
2. 2April 2012 - (Symantec)view link
http://www.stuff.co.nz/technology/digital-living/6607089/Symantec-Pinterest-scam-hooks-u
- Pinterest may have set the media abuzz at an interactive entertainment conference
earlier this month, but according to online security firm, Symantec, scammers are also
targeting the service to hook unsuspecting users with a survey based scam that could
trick the unwary into giving out passwords, financial accounts and other sensitive
details as well as installing malware on their PCs.
According to John McDonald, the Operations Manager of the Symantec Security
Response team, the scam works by placing links in forums, article comment sections
and on social networks to entice the unsuspecting to complete surveys by promising
items such as gift cards or big ticket electronics.
If an unsuspecting user clicks on a scam image they're typically taken to an external
website which states that in order to take advantage of the offer, they must first re-pin
it onto their Pinterest board.
Doing so helps spread the scam to the wider Pinterest community, increasing its
credibility as the offer is posted by a trusted and known source. When the source's
followers do the same, the scam turns into a self-perpetuating cycle.
3. After a user re-pins the scam, they are asked to click on another link. This then
redirects them to a survey scam page and asks them to fill in surveys, sign-up for
subscription services, reveal personal information, or even install unwanted
executables and malware that could compromise the security of their PC.
As long as the user fills out multiple marketing surveys, their rewards appear
legitimate.
This is not a new ploy by scammers, with similar schemes being used on Facebook.
Security experts say that users can protect themselves in a couple of different ways,
first by using an internet security package, and educating themselves (and others)
against such scams.
According to McDonald being scam aware is reasonably straightforward; "don't click
on links or attachments, especially shortened URLs, and don't give out personal or
financial information online. A reputable company will never ask you to divulge
sensitive information via an email or text message. Educate your children about
online safety and encourage them to report anything suspicious. "
4. McDonald also adds that "if it looks too good to be true, it probably is".
Online scams are the third most prevelant type of cybercrime in New Zealand, according to
figures from Norton Cybercrime Report, only out-numbered by computer viruses and social
network profile hacking
From the scammer end of the equation, the motivations for their dodgy activities are fairly
straightforward.
According to Symantec, some of the Pinterest scams they've analysed lead to a cost-per-action
based network. For each successful conversion, the scammer is expected to make between one
and US$64. It is possible in theory that scammers could be earning anything up to a several
hundred dollars per day.
Sadly, cybercriminals tend to go where the masses go, when the next big thing hits, scammers
tend to hot on the heels of whatever it is. Social media and mobile are the current hotspots but
McDonald adds that "With the emergence of smartphones we're starting to see cybercriminals
target mobile devices far more than ever before. According to the latest Norton Cybercrime
Report, 8 percent of Kiwis have been a victim of cybercrime via their mobile phone".
Symantec recommend that users review their Pinterest boards and remove pins related to scam
surveys.
Norton Collection of Classic and Scientific Literature weblog (TheCollection)
http://norton-scientificcollection.com/collection/