Wednesday, 29 February 2012

The Illustrated Anatomy of a Viral Pinterest Scam

Update: Part II - How The Scammers Hijacked Facebook Likes

It started with a tweet from a friend:

Never one to pass a scam, I dutifully clicked and landed on a page with this URL: http://giftinterest.com/coffee_ob9ve

The ticking "packages remaining" counter communicates the sense of urgency. I am feeling lucky; I am WAY ahead of the Internet crowd. Of 500 available packages, only 74 have been given away and 424 are left, even if the total number of pins is already in excess of 39K. But who are you going to trust - your lying eyes or an unforgiving counter? (More: see the source code of the scam page.)

The page beckons: "Pin it". I pin it. Step 1 - check.

This is my pin. The picture of the coffee cups was not on the page I just pinned. Who cares. Five other schmucks users have already liked it.

I am thinking "Hey, that was easy. I am going to get not just one, but TWO cards". I open another browser and type in that giftinterest URL again.

Oh, what a stroke of luck. Look, the number of packages remaining - 442 - now is larger than it was a minute ago. Someone must have returned theirs. I refresh the page. The number is different yet again. Eventually, if you let the page just sit there, it will go down to zero. Refresh the page, and it resets to some random number greater than 0 but smaller than 500.

But whatever. I pin again.

This time, the pinned picture is different.

I figure since I don't drink coffee anyway two cards are enough. I go back to the giftinterest page and click "Final Step".

Yes! Here I learn that the value of the card is $100 (but only if you qualify). The page asks me for my email.

The pop-up window tells me to write "I Love Starbucks" on Facebook. That I can't do. I love Dunkin' Donuts.

The rest of the story is familiar to everyone who has ever taken Free iPad surveys.  You get into the funnel...

... and fill out a bunch of surveys and leave your personal info...

... and at some point you are gently prompted to install some spyware...

Needless to say, it is very unlikely that Starbucks has anything to do with this project. Giftinterest.com was registered on February 24, 2012 in private, and both coffee-blends-now.com and yesusrveymedia.com (the two domains that popped up in various fine prints) are registered to a company in India.

Bonus track: An identical scam is promising free H&M cards to the unsuspecting pinners.
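The counter behaviour described above (a "remaining" figure that grows between page loads and numbers that do not add up) can be checked mechanically. The following is an added example, not code from the scam page or from this post; the snapshot text layout, the rule names and the 39000 pin figure (standing in for "in excess of 39K") are assumptions.

```javascript
// Added example: sanity checks for a "packages remaining" giveaway counter.
// SNAPSHOTS are constructed from the numbers quoted in the post; the text
// layout of each snapshot is an assumption, not the scam page's markup.
const SNAPSHOTS = [
  { load: 1, text: "500 available, 74 given away, 424 packages remaining, 39000 pins" },
  { load: 2, text: "442 packages remaining" },
];

// Pull the four counters out of one page's visible text (null when absent).
function parseSnapshot(text) {
  const num = (re) => {
    const m = text.match(re);
    return m ? parseInt(m[1], 10) : null;
  };
  return {
    total: num(/(\d+)\s+available/i),
    given: num(/(\d+)\s+given away/i),
    remaining: num(/(\d+)\s+(?:packages\s+)?remaining/i),
    pins: num(/(\d+)\s+pins/i),
  };
}

// Walk successive page loads and report every rule the counter breaks.
function auditCounter(snapshots) {
  const findings = [];
  let prev = null;
  for (const { load, text } of snapshots) {
    const s = parseSnapshot(text);
    // Stock that is only handed out cannot grow between page loads.
    if (prev !== null && s.remaining !== null && s.remaining > prev) {
      findings.push({ load, rule: "remaining-increased", detail: `${prev} -> ${s.remaining}` });
    }
    // Given away plus remaining must add up to the advertised total.
    if (s.total !== null && s.given !== null && s.remaining !== null &&
        s.given + s.remaining !== s.total) {
      findings.push({ load, rule: "totals-mismatch", detail: `${s.given} + ${s.remaining} != ${s.total}` });
    }
    // Heuristic (assumption): each pin is one claim, so pins above the total mean stock should read 0.
    if (s.pins !== null && s.total !== null && s.pins > s.total && s.remaining > 0) {
      findings.push({ load, rule: "pins-exceed-stock", detail: `${s.pins} pins, ${s.total} packages` });
    }
    if (s.remaining !== null) prev = s.remaining;
  }
  return findings;
}

console.log(auditCounter(SNAPSHOTS));
```

On the numbers from the post, the first load already fails two checks (74 + 424 is 498, not 500, and pins far exceed stock), and the second load adds the increase from 424 to 442.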
