A Pinterest Phishing Attempt


Most social sharing services have the option to let you know when someone does something with your content: retweet, like, bookmark, pin, repin, etc.  Pinterest is no different.

When someone acts on a pin or pinboard, I have it configured to send me a message to an account that I monitor for just this purpose.  I’ll skim through the alerts to see what pins I’ve made that resonate with others.  I don’t do a great deal more than that with them though.

I’ve often heard that the true approval of a new technology is when people find something bad to do with it.  I happened to stumble upon a phishing attempt this morning.  Notice that there is a bunch of redacting in the message below.  It’s done for two reasons – one in case the names are of actual people who perhaps had their accounts hacked – and the second is that I’ve always wanted to use the word “redact” in a blog post.

This is the standard notification message from Pinterest.  In every other message, you can get a sense of what content has caught the attention of the other person.  In this case, it’s about medical supplements.  And who shouldn’t be interested in dropping a couple of pounds?  But I don’t know this person and certainly have never pinned anything even remotely related to this, so red flags went up immediately.  I did what I normally do.  I just deleted it.

Then, I thought that there might actually be some value doing some investigative work.  I went into the trash and took a look again.

Now, the worst thing that you could do is to click on the bit.ly link.  There’s no indication where this link might take you.  I wasn’t about to do that.  But, underneath one of those redactions is a link to the Pinterest account of the person who named me in the post.

It’s safe to go to this person’s account – allegedly female, from the name.
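The distinction drawn above, between a link that stays on Pinterest and a shortened link with an unknown destination, can be checked mechanically before anyone clicks. The following is an added example, not part of the original post: the domain lists, the verdict names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for this example; adjust them for your own mail triage.
PLATFORM = {"pinterest.com"}
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def _matches(host, domains):
    # Exact host or a true subdomain; "pinterest.com.example.net" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Label a link by where its host really is, not by how it reads."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if "@" in parts.netloc:
        # Text before "@" is userinfo, not the host, so the visible name lies.
        return "suspicious"
    if _matches(host, SHORTENERS):
        return "shortener"      # destination unknown until resolved
    if _matches(host, PLATFORM):
        return "on-platform"
    return "off-platform"


def triage(message):
    """Return (url, verdict) for every link found in a notification body."""
    urls = [u.rstrip(".,;") for u in URL_RE.findall(message)]
    return [(u, classify(u)) for u in urls]


# Constructed sample modelled on the notification described in the post.
SAMPLE = """\
Hi! [redacted] mentioned you in a pin:
"Lose weight fast with this supplement http://bit.ly/EXAMPLE"
See the profile: https://pinterest.com/redacted-user/
Mirror: http://pinterest.com.example.net/pin/1
Login: http://pinterest.com@bit.ly/EXAMPLE2
"""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE):
        print(f"{verdict:12} {url}")
```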

When I got to the page, I had the uneasy feeling that I needed to look over my shoulder to make sure that I was alone.  The four pinboards there had images that were silicon based – if you know what I mean.  I opened one of the boards to find even more.  Each of the images had much the same content as the message I received only with different people’s names.  I’m wondering if this phisher had just wandered around Pinterest looking for names.

So, my suspicions were confirmed.  I didn’t go any further as the links would go away from Pinterest to a bit.ly link and we all know that that can be bad.  I wonder how many people would get tricked into following the links and end up in undesirable places?

It’s official now.  Just like any other social media service, we now need to have our wits about us with Pinterest.  Don’t let your guard down.

