Brought to you by TrendLabs, Trend Micro’s global threat research & support organization
Trend Micro™ - Securing Your Journey to the Cloud Follow us on Twitter Like us on Facebook Watch our YouTube Channel


Recognizing new social media threats

Social media threats are now more prevalent and harmful than most people think. Based on the growing number of social media threats, we noted new developments in threats that target Facebook and Pinterest. With the threat now real and the risks obvious, it’s time to recognize the newest threats plaguing social media today.

Facebook: Scams still on the loose

The social networking giant is notorious for being targeted by socially engineered attacks that lure users with fraudulent news and promos, as well as fake themes and apps. Survey scams are among the older Facebook threats, requiring victims to disclose sensitive information in exchange for ‘prizes’.

A more recent Facebook threat poses an even greater risk

A more recent Facebook threat poses an even greater risk and comes in the form of private messages. We recently spotted private messages that spread malicious links in the form of shortened URLs. These links point to .ZIP files that download a worm that disables antivirus software installed in systems.

Further research revealed that it downloads and executes another worm, which does its own kind of damage too. It monitors the messages that you post, even those you delete, as well as the private messages you send on Facebook and other social networking sites like Myspace and Twitter. It also spreads copies of itself via various instant messengers.

Pinterest: Scamming by point and click

Social media’s overnight sensation, Pinterest, is the latest target for spam, scams, and all things nasty. Similar to Facebook survey scam techniques, we found posts spammed on Pinterest that used ‘pinterest’ as a search keyword.

We found several Pinterest ‘pins’ that lead to phishing sites. Pins that used URL shorteners and led to fake sites that redirected to other sites that looked exactly like Pinterest. One site offered gift cards from certain establishments; clicking the links though lead to a survey called ‘Body Age Quiz’. Victims who provide their mobile numbers may suffer from unwanted mobile service charges and receive text spam. This isn’t unusual as a typical Pinterest scam usually works by tricking people with free gift cards. Falling prey to this scam may be easy since the URL appears legitimate due to its use of the Pinterest name.

How to protect yourself

It’s important to note that anyone can easily be fooled into revealing all sorts of personal information on social media sites, prompting users to inadvertently install malicious files in their systems. To protect yourself, remember the following:

Guard your personal information

You are responsible for your own data, so an option to consider would be to give out false information. Pinterest’s simple and intuitive interface makes it an easy target for scammers. All it takes for scammers is an eye-catching photo for users to re-pin. Everyone should be cautious when providing personal information on any site.

Beware of shortened links

Be wary of clicking shortened links from unknown accounts. Even if the link was sent by someone you know and trust, you can never be too sure where it can lead you.

Learn more

To know more about protecting yourself from social media threats, read our comprehensive e-guide ‘A Guide to Threats on Social Media’.




Forward to a friend
Subscribe to Trend

Latest threat information
Threat tracker
New Research Paper:
  Advanced Persistent Threat Primer

Threat Widget
All Free Tools


We appreciate your interest in Trend Micro’s First Line of Defense newsletter. If you would like to receive future Trend Micro product announcements and special offers, please opt-in to our mailing list.

Copyright © 2012 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice.