To 13 million people and counting, Pinterest is just a hot new social network for image sharing.
But to spammers, the still-new site is an easy mark for exploitation—and easy money. Spammers are turning innocent users’ clicks into cash by running thousands of automated Pinterest profiles, and they’re getting away with it for longer than any of them expected.
At Black Hat World, a forum where spammers share tips and tricks, user gimme4free has gamed Pinterest so easily that he’s selling a botting and scripting program to help others to quickly and easily generate thousands of bot profiles to spam the site automatically.
“In January I thought to give them a try by making up a couple of bots,” he wrote.
“After the success rates that I was seeing I decided to create a whole package of bots, which I have been using non-stop since the day, with just a couple of account bans.”
Those bans, he said, were caused by “excessive spamming and also they even lasted a few days before being shut down!”
The program generates an army of bots and connects it to the spammer’s Amazon Affiliate account, where he’ll automatically earn money every time a user from Pinterest clicks the pin and makes the Amazon purchase.
The kit sets the spammer back a cool $249, but gimme4free assures fellow spammers it’s worth it.
“The traffic from Pinterest is ‘paying’ traffic,” he wrote. “I have even had some of my pins gain comments within just minutes with the Pinterest users saying, ‘Thanks, just bought this’ !!!”
Spotting a bot account hasn’t been that challenging in the past. But this program could change things, making bot accounts trickier to detect.
This program games each part of the Pinterest process. First, it generates its own invitations, bypassing Pinterest’s invite-only status. Next, it automatically schedules pins and follows others by the second. Within minutes, a bot account could have thousands of pins and followers.
The bots also are programmed to like and even comment on other users’ pins in order to appear more human.
Gimme4free isn’t the only spammer who has figured out a way to work Pinterest.
A user named JackSparrow has developed a simple six-line script that bypasses the limit on the number of users one Pinterest profile can follow in a day. Ordinarily, Pinterest’s scripts cap that number at 200. But with a spammer’s ingenuity, one profile can follow upwards of one million people in a day.
“I talked to Ben about the issue of gaming their system and spam,” Davis told us in an instant message. “I shared this forum because it is a good way for companies to view what the spammers are doing, and I suggested they could use this information to fight these bots in a proactive manner.”
No matter how Pinterest chooses to combat spam, its abundant traffic will continue to make it a tantalizing target. When we reached out to Pinterest for a comment, a spokesperson told us that dealing with bots is a top priority:
“As a growing service, Pinterest is not immune to challenges faced by sites across the Web. However, it is a tremendous priority for us to address them quickly. Our engineers actively work to manage issues as they arise and are revisiting the nature of public feeds on the site to make it harder for fake or harmful content to get into them.”