These toolkits are taking advantage of Pinterest accounts that use automated liking, commenting, and posting, explained McAfee analyst Hardick Shah. Pinterest enables users to create virtual corkboards.
“These tools are so easy that many require only the attacker or scammer to change a couple of lines of code in the available kit. They can literally start a new Pinterest scam within minutes! Such tools come bundled with all the required software: account creator, mass follower tools, mass liker tools, comment posters, etc.”, wrote Shah in a blog.
If users click on the malicious links in the scam, they could be redirected to a survey scan, where scammers earn money when users complete surveys, to Amazon or another site, where spammers can earn money by referral, or to premium calling numbers on mobile devices.
Shah offered a number of tips for users to avoid Pinterest scams: never share your password with anyone; if any web page asks you to ‘Pin It’ before you can see the content, most likely it is a scam; if any web page offers you a ‘free gift card’ and redirects you to surveys, most likely it is a scam; and be careful while clicking links that have catchy titles like ‘shocking video’, ‘you will not believe it’, ‘free give away’, etc.