Phishing on Pinterest
Phishing attacks on Pinterest harvest account credentials through fake login pages linked from pins, email impersonation of Pinterest notifications, and boards designed to funnel users toward credential-stealing sites.
Last reviewed: 1 June 2026
Pinterest accounts are a valuable asset for spammers and scammers — a pinning account with followers and boards can distribute fraudulent content to large audiences. This makes Pinterest credentials a phishing target, with attacks arriving both through the platform itself and via email impersonating Pinterest notifications.
Because Pinterest users are accustomed to clicking through to external sites via pins, phishing pages embedded in pin flows encounter lower suspicion than those on platforms where external links are unusual.
How this scam works on Pinterest
A phishing email mimicking a Pinterest notification — an 'account security alert', 'monthly recap', or 'pin engagement notice' — directs users to a login page hosted on a convincing Pinterest typosquat domain. Entered credentials are captured and the Pinterest account is taken over for spam distribution.
Within the platform, pins created by compromised accounts link to phishing pages using attractive images from the original board's topic, so a food or travel board's phishing pins are indistinguishable from genuine content until after the click.
Some phishing operations target Pinterest users specifically to gain access to linked email accounts, since Pinterest accounts created with OAuth often do not have a separate password — resetting them via email becomes the attack path.
Common red flags
- Pinterest email asking you to verify your account through a provided link
- Login page URL that differs from pinterest.com
- Pin from a previously followed board that now links to an uncharacteristic external page
- Pinterest message claiming your account requires re-verification to remain active
- Password-reset email you did not request
How to protect yourself
- Access Pinterest only by navigating to pinterest.com directly or through a bookmarked URL
- Enable two-factor authentication on your Pinterest account
- Review your linked apps in account settings and revoke any you do not recognise
- Be sceptical of any pin that immediately requests login or personal information
- Check email sender addresses carefully — genuine Pinterest emails come from @pinterest.com
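The login-URL red flag and the sender-address check above, written out as an added Python example (not code from Pinterest or from this page), showing why the hostname must be compared label by label rather than by looking for "pinterest.com" somewhere in the link. Assumptions: pinterest.com is the only trusted domain because it is the only one the page names, subdomains of it are accepted, a login page must use HTTPS, and every sample URL and header is constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "pinterest.com"  # the only genuine domain the page names

def host_is_pinterest(host):
    """True only for pinterest.com itself or a subdomain of it."""
    host = (host or "").rstrip(".").lower()
    try:
        # Convert internationalised names to punycode so a look-alike
        # letter (e.g. Cyrillic U+0435) cannot pass as ASCII "e".
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Compare whole labels from the right: a substring or prefix test
    # would accept pinterest.com.account-verify.example.
    return host == TRUSTED or host.endswith("." + TRUSTED)

def is_pinterest_login_url(url):
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False
    # Assumption added here: a real login page is served over HTTPS.
    if parts.scheme != "https":
        return False
    # .hostname drops "user@" and ":port", so in
    # https://pinterest.com@login.example/ the host is login.example.
    return host_is_pinterest(host)

def sender_is_pinterest(from_header):
    # The display name is free text chosen by the sender; only the
    # address inside <...> is compared. A From address can be forged, so
    # a match is not proof of origin, but a mismatch is a red flag.
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return bool(local and sep) and host_is_pinterest(domain)

if __name__ == "__main__":
    # Constructed samples; look-alike hosts use the reserved .example TLD.
    for url in ("https://www.pinterest.com/login/",
                "https://pinterest.com.account-verify.example/login",
                "https://pinterest.com@login.example/",
                "https://www.pinter\u0435st.com/login/"):
        print(is_pinterest_login_url(url), url)
    for hdr in ("Pinterest <recommendations@pinterest.com>",
                '"security@pinterest.com" <alerts@pinterest-mail.example>'):
        print(sender_is_pinterest(hdr), hdr)
```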
How to report it
- Report suspicious pins and accounts via Pinterest's in-app report feature
- Forward phishing emails to Pinterest's abuse team at [email protected]
- Report phishing domains to Google Safe Browsing
Frequently asked questions
What happens if my Pinterest account is phished?
Change your password immediately via Pinterest's account recovery, revoke suspicious linked apps, and check your linked email account for signs of compromise. Notify your followers that your account may have been used to distribute scam content.