Bangkok--7 Feb--Core & Peak
Cybercriminals frequently leverage important events and special occasions for social engineering opportunities. As TrendLabsSM has noted over the years, Valentine’s Day is one of cybercriminals’ favorite occasions to target for malicious profit. From spammed messages serving malware to compromised sites, users must remain cautious of security threats that purport to spread love but actually do harm.
Valentine’s Day Means More Business for Cybercriminals
What do Christmas, New Year, Halloween, and Valentine’s Day have in common? Apart from being some of the most celebrated occasions worldwide, these also present cybercriminals with a lot of opportunities to spread malware. Cybercriminals leverage these occasions in their social engineering tactics to lure users into their scams.
Valentine’s Day presents a particularly lucrative opportunity for businesses. In fact, comScore found that February 2010 saw an increase in the number of consumer visits to dating, e-card, and gift sites in the United States. comScore noted that the number of visits to gift sites increased to 32.2 million while that to personal sites posted a 5 percent increase, reaching 24.2 million. E-card sites also became one of the top-ranking sites with a 7 percent increase in number of visits.
Cybercriminals Love You
Given that special occasions are naturally lucrative for business, cybercriminals do not treat Valentine’s Day as an exception. Valentine-themed spam and scams are just some of the attacks likely to plague users. These may lead to threats such as system infection as well as to information and financial theft.
WALEDAC Spreads Love
Possibly one of the most notorious malware that took advantage of Valentine’s Day is WALEDAC. Primarily known for its spamming techniques, WALEDAC also acted as a means to introduce other malware variants to users’ systems. Dubbed as the “new” Storm, WALEDAC used a similar technique and business model to Storm. However, it used an HTTP POST command-and-control (C&C) server, which was more common than Storm’s Overnet P2P server, which made it more difficult for security researchers and analysts to track and block WALEDAC-related C&C traffic.
Beware of “Love” Scammers
Apart from the usual concerns related to malware infection and spamming, “love” scammers also target dating/personal and social networking sites to part users from their hard-earned money. As such, the Federal Trade Commission (FTC) came up with a list of telltale signs indicating that the strangers you meet online may just be interested in your money.
These signs include the following:
- Wanting to immediately leave the dating site and use personal email or instant-messaging (IM) accounts instead
- Claiming instant feelings of love
- Claiming to be from the United States but is currently overseas
- Planning to visit though unable to do so because of a tragic event
- Asking for money to pay for travel, visas or other travel documents, medication, a child or another relative’s hospital bills, recovery from a temporary financial setback, or expenses incurred while waiting for a big business deal to come through
- Making multiple requests for more money
The above-mentioned attacks pose grave threats to users but can be easily avoided with proper vigilance and education. Since most Valentine-themed attacks arrive via spam, users should be cautious of opening email messages that offer huge discounts or that advertise unbelievable promos. As much as possible, shop online via legitimate vendors’ sites.
To stay safe online, keep the following tips in mind:
- Review a site’s terms and conditions before purchasing an item from it. Verify important details such as overall cost, shipping date, order cancellation, and return policies.
- Make sure to check out the seller’s physical address and phone number in case processing or delivery problems arise.
- Use credit instead of debit cards, as most banks offer credit protection policies to limit financial losses should theft occur. Using debit cards may expose personal bank accounts to greater risk and may not have the same mitigation advantages as using credit cards.
- Never input personal information into a pop-up screen. Hackers can use these to intercept your online sessions. Legitimate sites do not use pop-up messages to request for personal information.
- Before entering credit card information, look for https:// in the address bar, as this is an indicator of a secure session. Some sites also display a closed padlock or an unbroken key icon at the bottom-right corner of your browser.
For the best protection, install a security solution that prevents spam from even reaching your inbox, that blocks access to malicious sites, and that prevents the download and execution of malicious files. Such a measure prevents system infection from the start, resulting in a pleasurable online experience not just on Valentine’s Day but on any special occasion or holiday.