Is Pinterest set to Become the Next Malware Threat?
Unless you’ve been living under a rock, you can’t fail to have noticed the buzz that Pinterest has created. Everyone is raving about how the visually engaging social network is the next big thing; but with success comes a price and the spammers have inevitably already begun to hit the social media site hard.
Many businesses worry about the potential security risks posed by allowing staff to access social media at work; whilst it’s a simple affair to block personal use, it’s also essential to ensure staff who manage business social networking are trained to spot the risks.
The cost to SMBs and enterprises alike can be more than just a minor annoyance; the Ponemon Institute last year estimated that the average cost per infection came to around $318. This doesn’t even factor in the additional time spent on cleaning up in the wake of an attack and, even more worryingly, many of those that had fallen victim to cybercrime revealed that sensitive data was the biggest area affected.
So why should Pinterest present a threat?
To begin with, because of the way its use has exploded – any site that shows such high, rapid growth is likely to make scammers and cybercriminals take notice. The scams have already begun; just last week I followed one around on various boards which claimed that Pinterest had given them a new Louis Vuitton handbag.
“That’s odd,” I commented, “the URL you give appears to have no connection with Pinterest.”
Of course, most people ignored the poster, who was very prolific over the course of a morning, but there were also a few “wow” comments from users, who said thanks and then clicked away, probably to a malicious site or survey scam.
The most prevalent so far seems to be the H&M voucher scam, but it seems that Pinterest presents a very good opportunity for cybercriminals looking to make even more cash. The social media site itself has recently come under criticism for the amount of emails it sends to users, as well as the lack of clarity over connecting your Facebook friends with the site.
However, one of the biggest threats which hasn’t yet emerged on Pinterest has to be clickjacking. Facebook still has a huge amount of this kind of threat doing the rounds – usually with sensationalist headlines which entice clicks. These lead to survey scams, where users are invited to complete surveys, which lead either to the user being signed up to premium rate text services or to the installation of malware on client machines.
Often, this kind of attack relies on social engineering to lure the user into clicking on a photo or video. A hidden, transparent layer, which has malicious code written into it, overlays the image and takes clickers to a third-party site. As Pinterest is image based, it would make sense for scammers to repeat the formula on this social network.
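The transparent-overlay pattern described above can be checked for in saved page markup. The following is an added example, not part of the original article: a heuristic that flags clickable or embedding elements whose inline style is both layered on top of other content and nearly invisible. It assumes the styling is inline (it will not see stylesheet or script-applied styles), and the function names and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Tags that can carry a click to another site or embed third-party content.
CLICK_TAGS = {"a", "iframe", "form", "button"}

# Constructed sample markup (example.* hosts are placeholders, not real sites).
SAMPLE = """<div style="position:relative">
<img src="handbag.jpg" alt="Free handbag">
<a href="http://survey.example/claim" style="position:absolute; top:0; left:0; width:100%; height:100%; opacity:0"></a>
</div>
<a href="/pin/123" style="opacity:0.9">Repin</a>
<iframe src="http://widgets.example/like" style="position: fixed; opacity: 0.01"></iframe>
"""

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    props = {}
    for decl in style.split(";"):
        if ":" in decl:
            name, value = decl.split(":", 1)
            props[name.strip().lower()] = value.strip().lower()
    return props

def is_invisible(props):
    """True when the inline opacity makes the element (nearly) transparent."""
    match = re.fullmatch(r"\d*\.?\d+", props.get("opacity", "1"))
    return bool(match) and float(match.group()) <= 0.1

class OverlayFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        props = parse_style(attrs.get("style") or "")
        on_top = props.get("position") in ("absolute", "fixed")
        if tag in CLICK_TAGS and on_top and is_invisible(props):
            target = attrs.get("href") or attrs.get("src") or attrs.get("action") or ""
            self.findings.append((tag, target, self.getpos()[0]))

def find_hidden_overlays(html):
    """Return (tag, target URL, line number) for each suspicious element."""
    finder = OverlayFinder()
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    print(find_hidden_overlays(SAMPLE))
```

A hit is a reason to look closer rather than proof of a scam, since legitimate pages also use transparent positioned elements.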
In order for businesses to protect themselves, it’s vital that they implement a social media policy and train any staff who work on marketing through these channels on the dangers faced.
A recent report from security experts at Panda revealed that almost a third of small businesses have been affected by social media malware. Whilst this is currently driven by the popularity of Facebook, scammers everywhere will be looking to Pinterest as their next target.
77.5% of businesses use social media as a marketing tool and 52% said they had experienced a rise in malware as a result of employee use of social media; as such, the threat can’t be ignored. However, no threat is such that it can’t be avoided and the following actions should be taken.
• Educate staff and implement a social media policy.
• Ensure layers of protection; it’s no longer good enough to have an anti-virus solution and firewall. This needs to be complemented with anti-malware and link scanning software.
• Keep all software up to date – malware loves holes in software, so ensure all software is regularly updated, including Windows, Adobe products, browsers and office applications.
The key here is education: if your company allows personal use of social media then consider holding a security workshop, or ban it. Simple.