Problem solve Get help with specific problems with your technologies, process and projects.

Assessing Pinterest security and defending against Pinterest spamming

Expert Nick Lewis discusses the state of Pinterest security and provides info on preventing Pinterest spamming and other social engineering attacks.

The popular social networking site Pinterest has received interest from cybercriminals in the form of spam and...

social engineering. What are some best practices for avoiding becoming a victim on Pinterest? Are there any methods to distinguish real offers from attacks?

Ask the expert!

Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)

Cybercriminals are always going to target the Internet's "next big thing" to proliferate their wares, be it email, Geocities, Facebook, or now Pinterest. How a specific Web app can be abused depends significantly on the security features of a specific application or site, but cybercriminals will always find some way to exploit the hot new application for their illicit gain. That spam and social engineering attackers are targeting Pinterest users shouldn't be a surprise to anyone. McAfee Labs wrote a useful blog post detailing the automated attack kits that are already targeting Pinterest security and some of the protections users should put in place to mitigate any risks involved with using the service. This is a good place to start in order to show users just how easily they may be exploited.

As for methods to defend against Pinterest spamming, the best and most reliable method is simply for users to be wary of these efforts and question whether offers they receive are too good to be true. The same advice applies when defending against other attacks, including spam email, phishing webpages and similar social engineering attacks. Unfortunately, these types of attacks are generally successful while also being difficult to stop technically.

There are some security controls that can be put in place to prevent these types of attacks, including installing a monitoring agent on all systems or reviewing all emails, but they invade users' privacy and might not necessarily be appropriate in certain environments. More realistic and viable options include the use a Web proxy that examines every URL, or an anti-malware network device or control that blocks known bad websites or malicious JavaScript. Though putting technical controls in place is a possibility, the burden of preventing the sort of attacks currently targeting Pinterest largely falls on users, who should be educated about Pinterest scams and be instructed to avoid any places on the site that look even the least bit suspicious. Ultimately, enterprises must promote general security awareness and help users differentiate between legitimate and malicious websites, email or other communications. 

This was last published in September 2012

Dig Deeper on Social media security risks

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.