The malicious websites are set up to serve a version of the Cridex malware

Jul 3, 2013 14:39 GMT

Experts have spotted a spam campaign that abuses Pinterest’s popularity in an effort to lure users to BlackHole exploit kit websites.

The spam emails inform recipients that their Pinterest passwords have been “successfully changed.”

When users click on the “See Password” button in the notification, they’re taken, via several redirects, to a website that hosts the exploit kit.

The BlackHole exploit kit probes the victim’s computer for software vulnerabilities and leverages them to push backdoor malware onto the device.

The malware in question is a variant of Cridex, which allows cybercriminals to take over the infected computer.

“While there is nothing new in this routine, users are still advised to always perform account-related changes only on the websites they subscribe to,” Trend Micro researchers noted.

To protect yourself against such threats, make sure that all your software is up to date, and that an antivirus application is running in the background. Also, try to avoid clicking on links contained in suspicious-looking emails.