PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Pinterest Scams: Free Starbucks, Red Velvet Cake Photos, and More

Sara Yin
 & Sara Yin Junior software analyst

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Pinterest cake

As Pinterest, the "virtual corkboard," picks up steam, cyber attackers have begun tainting the site with malicious ads. 

The social networking site du jour lets you clip pretty images from around the Interwebs and pin them to your virtual corkboard, which you share online. Another member looking at your Pinterest board can click into your pinned images, and get redirected to the original site. As with Facebook, Google+, Twitter, and other sites targeted by cyber attackers, Pinterest offers  a false sense of legitimacy: if a survey promising free Starbucks is on your friend's board, surely it's safe, right?

The Pinterest scams draw your attention with freebie offers or enticing photos. Clicking on them automatically redirects you to a phishing site where you enter personal details into legit-looking surveys. Of course, you'll never receive the promised goods, but the scammers will use your personal details for more nefarious purposes.

Trend Micro blogged about the Starbucks and Coach scams, while Symantec found offers for red velvet cake: 

Free Starbucks giftcard? Not so fast: 

pinterest scam b

"TOO GOOD OT BE TRUE!" screams an offer for free Coaches wallets and purses:

Recommended by Our Editors

Wikipedia Editors Could Strike Following Layoffs
Wikipedia Editors Could Strike Following Layoffs
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets
Pinterest scam c

Mmm...red velvet cake (insert Homer Simpson moan here). I know which scam I'd fall for:

Pinterest scam A

How are these ads spreading? Pinterest users themselves. The first step in all these scams, said Ben Greenbaum, a senior principal software engineer at Symantec, is that the victim has to pin it onto their friends' corkboards. However as Symantec noted in its blog post, the scammers couldn't quite get the replicating code to work.

"This isn't a technologically sophisticated hack, there's no vulnerability within Pinterest making it work. Like every social engineering scam it involves scammers taking advantage of people's trust," said Greenbaum. 

Complicating matters for you, dear Pinterest member, is that advertising is allowed on the site, although the company does not take responsibility for malicious ones. So how can you avoid this? Symantec offers two words of advice. The first is a healthy dose of skepticism.

"If an ad asks you for personal identifying information, it's probably not legitimate," Greenbaum said.

The second is to install a security suite with an antiphishing component, so that if you accidentally click on a phishing link you'll get a warning. Symantec's own Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars) suite consistently blocks phishing sites better than almost all the rest. Of all current suites only Bitdefender Total Security 2012 ($79.95 direct for three licenses, 4 stars) has beaten Norton.

For more on Pinterest, see our full review. If you're already a member, be sure to follow PCMag’s Pinterest boards.

About Our Expert

Sara Yin

Sara Yin

Junior software analyst

Sara Yin is a junior analyst in the Software, Internet, and Networking group at PCmag.com, pouring most of her energy into app testing and security matters at Security Watch with Neil Rubenking. She lies awake at night pondering the state of mobile security (half-true). Prior to joining PCMag.com, Sara spent five years reporting for publications in New York City (Huffington Post), Hong Kong (South China Morning Post), and Singapore (Campaign Asia, Men's Health). Follow her on Twitter at @SecurityWatch and @sarapyin, or contact her the old school way: email. That's sara_yin AT pcmag.com.

Read the latest from Sara Yin

Read full bio