Fake Pinterest “Password changed” email leads to malware

Pinterest users beware: an email purportedly coming from the popular pinboard-style photo-sharing website and notifying you of a successful password reset is fake:

If you click on the offered button that will ostensibly show you the new password, you will be taken through a series of redirections and will finally land on a compromised website hosting the Blackhole exploit kit.

If you aren’t careful about keeping your software and OS updates, chances are that the exploit kit will find a security vulnerability to take advantage of and will download and execute the Cridex Trojan – a piece of banking malware that also opens a backdoor on the target computer.

Trend Micro researchers advise users to avoiding clicking links in suspicious emails, and to always perform account-related changes only on the actual websites of the services to which they have subscribed to.