Cybercrooks bring their schemes to Tumblr and Pinterest

Digital criminals are expanding their social-networking nefariousness beyond Facebook and Twitter to try to trick users into downloading malicious payloads.

Lance Whitney
Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
2 min read

Social networks have long been a target for cybercriminals, but now the bad guys are expanding their horizons.

Malware writers are aiming at such hot social networks as Tumblr and Pinterest to trap a new wave of victims, says a report out yesterday from GFI Software.

"Established sites like Facebook and Twitter have long been a breeding ground for new cyberattacks, but now we are seeing scammers taking an interest in the popularity of newer sites like Pinterest in order to catch victims off guard and trick them into clicking on something they shouldn't," Christopher Boyd, senior threat researcher at GFI Software, said in a statement.

Analyzing the malware landscape in April, the security firm found a host of schemes and scams directed at social network users.

In one campaign, Twitter was used as bait to take advantage of users on Pinterest. A Twitter account called "Pinterestdep" (which has since been suspended) claimed to offer Visa gift cards to people in exchange for sharing their opinions about Pinterest. But instead, intended victims were directed to a Web site that prompted them to fill out several rewards offers and convince their friends to do the same.

Misspelling the name Tumblr was the trigger for another scam. Users who accidently typed "tublr" would be redirected to a message claiming they had been chosen as a "daily winner," prompting them to fill out surveys and respond to offers to pick up their prize. A check of the URL www.tublr.com shows that this scam remains in full bloom.

The popularity of Twitter still makes it a juicy target for cybercriminals.

In one scareware campaign, Twitter users were sent "must-see" links to Web pages that installed phony antivirus software on their computers. The victims where then informed that their PCs were infected with a virus and that they would need to make a payment to clean up their systems. Additional links using the Blackhole exploit kit were sent to the same people directing them to a site with another scareware program known as "Windows Antivirus Patch."

"With countless studies being released which point to the regularity with which users are visiting their favorite social networking sites, it should come as no surprise that cybercriminals see these sites as prime targets for their attacks as they look to reach as many people as possible," Boyd added.

For users of social networks, the advice is the same as always. Make sure your security software is up to date and that your operating system and applications are fully patched. And trust your own instincts to avoid any links, Web pages, or online offers that essentially scream out "This is a scam."