Pinterest has grown considerably in popularity in the past few months, reaching around 10 million users. This didn’t go unnoticed by spammers and other cybercriminals, who started relying on Pin it, the equivalent of Facebook’s Like, in their malicious campaigns.
Zscaler researchers came across a couple of sites, pinterestpromo.info and giftinterest.com, that integrate the Pin it widget to ensure that Pinterest is utilized as a spam propagation tool.
Experts found that the plot itself doesn’t differ much from the classic Facebook scams; in this instance, potential victims are promised free iPhones and iPads in exchange for a Pin it.
However, the uncommon thing about this scheme is that the Pin it button is not actually real. Instead, it’s a fake variant that, once clicked, redirects users to another website that offers more fabulous prizes.
Those who find themselves on this final site are urged to fill out surveys or trial offers, which earn the crooks a lot of money either by signing up the unsuspecting victim for paid phone services or via affiliate marketing mechanisms.
“Any website with features to spread links quickly to a trusted group of people is doomed to be abused by spammers,” Zscaler’s Julien Sobrier wrote.
In other words, from now on users shouldn’t be on the lookout for scams only on Facebook. A site that has a lot of customers and at the same time offers a lot of liberty is bound to be exploited one way or another.
Not to mention the widgets that can be incorporated in any website. They give scammers the opportunity not only to promote their shady campaigns, but also to replace the genuine widgets with fake ones that are even more dangerous.
Anything from a complex scam to a site that serves drive-by infections can hide behind an apparently innocent Like or Pin it button.
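As an added illustration (not part of the original article or of Zscaler's research), the following static check flags links that present themselves as a Pin it button but do not point at a pinterest.com host. The marker strings, the sample markup and the assumption that a genuine button links to pinterest.com are constructed for this example; redirects performed by script are outside its scope.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "pinterest.com"  # assumption: a genuine button links to this host
MARKERS = ("pin it", "pinit", "pin-it", "pin_it")  # assumed button labels

def classify(href):
    """Return 'genuine' only when the link's host is pinterest.com or a subdomain."""
    host = (urlparse(href).hostname or "").lower()
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "genuine"
    return "suspicious"  # relative, script or look-alike targets land here

class PinItAuditor(HTMLParser):
    """Collects anchors whose text, class or image label looks like a Pin it button."""
    def __init__(self):
        super().__init__()
        self.current = None  # anchor currently being parsed
        self.findings = []   # (href, verdict) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.current = {"href": a.get("href") or "", "label": [a.get("class") or ""]}
        elif tag == "img" and self.current is not None:
            # image buttons carry the label in the alt text or the file name
            self.current["label"] += [a.get("alt") or "", a.get("src") or ""]

    def handle_data(self, data):
        if self.current is not None:
            self.current["label"].append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            label = " ".join(self.current["label"]).lower()
            if any(m in label for m in MARKERS):
                href = self.current["href"]
                self.findings.append((href, classify(href)))
            self.current = None

def audit(html):
    parser = PinItAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one genuine-style button, two impostors, one unrelated link
SAMPLE = """
<a class="pin-it-button" href="http://pinterest.com/pin/create/button/?url=http%3A%2F%2Fshop.example%2F">Pin It</a>
<a href="http://prizes.example/win-ipad"><img src="pinit.png" alt="Pin it"></a>
<a href="http://pinterest.com.prizes.example/pin">Pin it</a>
<a href="/about">About us</a>
"""
```

Calling `audit(SAMPLE)` returns one `(href, verdict)` pair per button-like link, so a crawler or proxy rule can act on the `suspicious` entries.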