As Pinterest, the "virtual corkboard," picks up steam, cyber attackers have begun tainting the site with malicious ads.
The social networking site du jour lets you clip pretty images from around the Interwebs and pin them to your virtual corkboard, which you share online. Another member looking at your Pinterest board can click into your pinned images, and get redirected to the original site. As with Facebook, Google , Twitter, and other sites targeted by cyber attackers, Pinterest offers a false sense of legitimacy: if a survey promising free Starbucks is on your friend's board, surely it's safe, right?
The Pinterest scams draw your attention with freebie offers or enticing photos. Clicking on them automatically redirects you to a phishing site where you enter personal details into legit-looking surveys. Of course, you'll never receive the promised goods, but the scammers will use your personal details for more nefarious purposes.
Free Starbucks giftcard? Not so fast:
"TOO GOOD OT BE TRUE!" screams an offer for free Coaches wallets and purses:
Mmm...red velvet cake (insert Homer Simpson moan here). I know which scam I'd fall for:
How are these ads spreading? Pinterest users themselves. The first step in all these scams, said Ben Greenbaum, a senior principal software engineer at Symantec, is that the victim has to pin it onto their friends' corkboards. However as Symantec noted in its blog post, the scammers couldn't quite get the replicating code to work.
"This isn't a technologically sophisticated hack, there's no vulnerability within Pinterest making it work. Like every social engineering scam it involves scammers taking advantage of people's trust," said Greenbaum.
Complicating matters for you, dear Pinterest member, is that advertising is allowed on the site, although the company does not take responsibility for malicious ones. So how can you avoid this? Symantec offers two words of advice. The first is a healthy dose of skepticism.
"If an ad asks you for personal identifying information, it's probably not legitimate," Greenbaum said.
The second is to install a security suite with an antiphishing component, so that if you accidentally click on a phishing link you'll get a warning. Symantec's own Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars) suite consistently blocks phishing sites better than almost all the rest. Of all current suites only Bitdefender Total Security 2012 ($79.95 direct for three licenses, 4 stars) has beaten Norton.
For more from Sara, follow her on Twitter @sarapyin.