Chocolates and flowers have become common attributes of Valentine’s Day. But so did cybercrime, with threat actors lurking around for any opportunity - from phishing love messages to fake gift sales - to get their hands on your precious data.
Any festive season or holiday gives cybercriminals a chance to employ new tactics, and Valentine’s Day is no exception.
Already throughout 2018-2019, Check Point researchers recorded a 200% increase in the use of the word “Valentine” within malicious websites in February compared to any other month of the year. Similarly, there was a 500% increase in the malicious use of the word “chocolate” within the same month. Since then, the trend has only been going upwards.
Such malicious websites hiding amongst many legitimate ones are extremely common during the Valentine’s Day season. On average, users access as many as 10,000 domains with the word “Valentine” only in the first week of February. Fraudulent websites can be used for credential harvesting, online scams, malware infection, and personal information harvesting.
Electronic love messages are another popular way of making a user download an attachment, click on a malicious link, or provide personal information. Scammers may use social engineering techniques to send romantic e-notes from a secret admirer, making use of the temptation to learn more about the potential love interest.
Back in 2019, email services were utilized to spread GandCrab Ransomware around February 14th, with the subject “This is my love letter to you.” A year later, it was a Ursnif campaign, saying “I browse your profile, and I love it… So, these are my best photos…” As a rule of thumb, if you see a sudden love message from someone you don’t know - especially if it requires you to download an attachment or click on a URL - delete the email with no hesitation.
Other types of fraudulent emails relate to fake shopping, including flowers, chocolate, romantic getaways, and small gift sales. These might include infected URLs, lead you to one of the fraudulent websites that will attempt to steal your personal or financial information, or will include a malicious attachment. Remember that the better the deal is, the more questions it should pose.
Romance scams are also especially prevalent around Valentine’s Day. Threat actors will use social engineering to create a profile and target a specific group of people, gaining trust and convincing them to send money or purchase expensive gifts. Netflix’s recent documentary The Tinder Swindler tells the story of Simon Leviev, who scammed his victims for a total of $10 million through platforms like Hinge and Tinder. Make sure to never transfer money to someone you don’t know and avoid sharing personal information online.
More from CyberNews:
Subscribe to our newsletter