Third-party apps and browser plugins might be responsible for the incidents
Spammers are using compromised Pinterest accounts to advertise shady work-at-home job offers. For users who have linked their Pinterest profiles to Facebook and Twitter it’s even worse, since the spammy messages are pushed onto these websites as well.The growing popularity of the relatively new social media platform Pinterest is beginning to attract more and more cybercriminals. The company has started warning users a few weeks ago to be on the lookout for any suspicious elements (malware, phishing scams, and malicious browser plugins) which could allow crooks to take over their accounts.
However, it seems that many users still fall for the traps set by the spammers. According to Sophos experts, in the past few days a number of shady work-at-home jobs have been advertised.
In situations where the Pinterest account is linked to Twitter and Facebook, the spam appears as messages such as “Omg this is so cool! Can’t wait for more!” or “Omg this is so exciting! Too excited for next ones!”
Bitdefender’s HotForSecurity reports that the attackers haven’t changed the passwords of the compromised accounts. They simply utilized them to promote their shady offers.
Experts report that for some Twitter customers the situation is so frustrating that they have even decided to close their Pinterest accounts in order to stop the spam from flowing in.
Pinterest is working hard on removing the shady pins, but it appears that they’re having difficulties in properly cleaning up the platform. Unfortunately, this incident once again highlights the necessity for a proper anti-spam mechanism that could combat this phenomenon.
For now, Pinterest keeps advising the victims of such attacks to immediately change their passwords. They also recommend users to be cautious when installing third-party apps and web browser extensions since in many cases they’re the ones responsible for allowing hackers to hijack accounts.