Cybercrooks bring their schemes to Tumblr and Pinterest

Digital criminals are expanding their social-networking nefariousness beyond Facebook and Twitter, to try to trick users into downloading malicious payloads.

(Screenshot by CNET Australia)

Social networks have long been a target for cybercriminals, but now the bad guys are expanding their horizons.

Malware writers are aiming at such hot social networks as Tumblr and Pinterest to trap a new wave of victims, according to a report released on Wednesday by GFI Software.

"Established sites like Facebook and Twitter have long been a breeding ground for new cyber attacks, but now we are seeing scammers taking an interest in the popularity of newer sites like Pinterest, in order to catch victims off guard and trick them into clicking on something they shouldn't," Christopher Boyd, senior threat researcher at GFI Software, said in a statement.

Analysing the malware landscape in April, the security firm found a host of schemes and scams directed at social-network users.

In one campaign, Twitter was used as bait to take advantage of users on Pinterest. A Twitter account called "Pinterestdep" (which has since been suspended) claimed to offer Visa gift cards to people in exchange for sharing their opinions about Pinterest. But instead, intended victims were directed to a website that prompted them to fill out several rewards offers and convince their friends to do the same.

Misspelling the name Tumblr was the trigger for another scam. Users who accidently typed "tublr" would be redirected to a message claiming they had been chosen as a "daily winner," prompting them to fill out surveys and respond to offers to pick up their prize. A check of the URL www.tublr.com shows that this scam remains in full bloom.

The popularity of Twitter still makes it a juicy target for cybercriminals.

In one scareware campaign, Twitter users were sent "must-see" links to web pages that installed phony antivirus software on their computers. The victims where then informed that their PCs were infected with a virus, and that they would need to make a payment to clean up their systems. Additional links using the Blackhole exploit kit were sent to the same people directing them to a site with another scareware program known as "Windows Antivirus Patch".

"With countless studies being released, which point to the regularity with which users are visiting their favourite social-networking sites, it should come as no surprise that cybercriminals see these sites as prime targets for their attacks as they look to reach as many people as possible," Boyd added.

For users of social networks, the advice is the same as always. Make sure your security software is up to date and that your operating system and applications are fully patched. And trust your own instincts to avoid any links, web pages or online offers that essentially scream out: "This is a scam".

Via CNET



Add Your Comment

Avatar
 

Be the first to comment on this story!


Post comment as


Sponsored Links

Recently Viewed Products