In March, McAfee Labs reported a new wave of social scams targeting Pinterest users that could compromise their personal information. Today, McAfee Labs warns consumers that ready-to-use toolkits, that make it easy for anyone to start a Pinterest scam without much difficulty or technical skill, are readily available on the web.  These toolkits are used by cybercriminals to redirect users to scam sites, asking them to fill out surveys or purchase products that will compromise their personal data and bank accounts. It’s important to be aware of these emerging threats and Pin with caution.

Here are more details about these recent threats, and how to avoid them.

The Scam:

McAfee Labs has observed that these scams create fake posts on Pinterest.com using various accounts that contain images and links to various websites. If a Pinterest user visits any of these and clicks on the link, they will be redirected to a new website where they are asked to “Pin” the content before they can proceed further.

After a user has “Pinned” the content, it will redirect users to another website depending on the device they are using:

1.    If users are browsing the site from a non-mobile device, they will be redirected to other sites to complete surveys.

2.    In some cases users can be redirected to Amazon.com or similar ecommerce sites where spammers can make money though an affiliate program.

3.    If users are browsing the site from a mobile device, this can lead to premium calling numbers that cost users money.

The Dangers: Many of these scams ask users to complete surveys which require the user to fill in his or her personal details like name, email address and mobile number.  This information can be used in various malevolent activities like spamming, but in the case of mobile devices, this may lead to premium calling numbers where users are stuck with the bill.

Bottom Line: With the exponential growth of Pinterest users, these scams are becoming more popular amongst spammer to make quick money. When using Pinterest, click and pin with caution.

Tips to Avoid Becoming a Victim:

1.    Never share your password.  These tools make it very easy to mass-comment or post from any account.

2.    If any page asks you to “Pin It” before you can see the content, this is mostly likely a scam. Do not click on the “pin it” button and leave the page.

3.    If any page offers you a “free gift card” and redirects you to a survey, this is most likely a scam. Do not click on the “pin it” button and leave the page.

4.    Be careful while clicking links that have catchy titles like “shocking video,” “you will not believe it,” ”free give away,” etc. Most of the time, these lead to scams.

Tips on What to Do If You Have Become a Victim:

You’re a victim, now what?

1.    Change your password immediately.

2.    Login to your Pinterest account and remove the “spammed” posts.

3.    Report all related posts to Pinterest using “Report Pin” feature.

For more information you can read the Mcafee Labs blog here.

We found a couple of such toolkits on the Internet. They are also available for sale on various forums over the net.

Each tool performs a specific function. For example, the folder Pinterest Content Locker contains a couple of scripts to set up scams. This particular one is a scam technique in which victims visit the website and get a “content locked” message stating that they need to click on the “Pin It” button to unlock the content. Here is an example:

In the php code we can see the following:

The code contains an array of links and it randomly selects one to post on Pinterest. It also uses an “unlocked” cookie to check whether a user has already visited the webpage and clicked on the pin button.

The scam requires that a victim click on the “pin it” button before seeing the content of the web page:

The code then calls a function Clicked. This function opens a new window and takes the user to Pinterest for pinning the content. Then it calls another function Remove_Overlay:

This function sets the cookie “unlocked” with value =1 and expiration date as the current date plus one. This is done so the next time users open the same URL, they will not get the content-locked message.

The code also has the folder viral script, which contains a php file used to display various scams:

The image asks the user to click on the “pin it” button, which posts the URL to Pinterest. Then it asks the user to perform the final step, which leads to an attacker-defined survey URL.

The trick is to get victims to click on the “pin it” button before clicking on “Final Step.” If users first click Final Step, then they see this message:

Let’s look at the code of “Click Here”:

It has a link element with id=”linkos” and whose value is javascript:window.alert(“Please Complete Step 1”).

This value can be modified at runtime after the user has clicked on the “pin it” button, shown in the next image:

When a user clicks “pin it,” it calls the function “PopupCenter, which will post the link to Pinterest and call the function “RevealLink.” This function changes the value of “linkos” as follows:

Another template employs the preceding technique with a different GUI, which seems like the actual Pinterest site:

The template contains an executable named Pinterest Amazon Product Submitter. This is a bot that scrapes Amazon for products based on given keywords and then submits them to Pinterest.

When victims click on a Pinterest post they are redirected to the scammer’s site, which will contain a “redirect script” or “cloaker script” that will simply redirect users to Amazon with the scammer’s affiliate ID. Amazon does not see the referral as Pinterest but rather as the scammer’s custom page–and the scammer can earn money:

There is also a mass bit.ly link generator, which will generate random links for the scam’s URL:

The trick here is to use “?” at the end of the URL so that tool will add a random string after “?” and get different URLs from bit.ly. This technique makes it possible for an attacker to generate as many random URLs as needed, with all pointing to same location.

Another script, “Detecting Mobile Phone Visitors,” can check the user agent of the web browser and determine the device from which a user visits the site.

Depending upon the device, a user can be redirected to a variety of URLs. We have observed that in the case of mobile devices, the redirection often leads to pornographic images which, upon being clicked, open a phone dialer with premium calling numbers. In the case of nonmobile devices, the redirection often leads to various survey scams.

The toolkit also includes “Pinterest follower bot,” which can be used for mass following on Pinterest:

We also find a tool for making mass comments on Pinterest posts:

Another tool generates Pinterest invites:

And would you believe that these tools even come with well-written documentation?

Such toolkits make it very easy for scammers to start their own scam sites and become functional cybercriminals with a minimum of skills and time. They need only change a couple of simple things, such as URLs, and they are ready to go. Almost all these steps–from creating mass Pinterest accounts to mass liking, commenting, and posting–have been automated.

Most of these scams try to lure users with titles such as “get free gift card,””Shocking Video,” “you can not believe it,” etc.:

When users click on such URLs, they will be:

• Redirected to a survey scam, where scammers earn money when users complete surveys
• Redirected to Amazon or another site, where scammers can earn money by referral
• Led to premium calling numbers of mobile devices

Please follow these guidelines to stay safe:

• Never share your password with anyone. Such tools make it very easy to mass-comment or post from any account.
• If any web page asks you to “Pin It” before you can see the content, most likely it is a scam
• If any web page offers you a “free gift card” and redirects you to surveys, most likely it is a scam
• Be careful while clicking links that have catchy titles like “shocking video,” ”you will not believe it,” ”free give away,” etc. Most of the time, they lead to scams and trouble!