Valentine’s & Chocolate Don’t Always Equal Love

With Valentine’s Day approaching, lovers around the world are working on finding the best way to celebrate with their loved ones. Meanwhile, cyber criminals around the world also seem to be caught up in the spirit of this unique day. Over the past 2 years, Check Point Research has identified increased use of the word “Valentine” within malicious websites during the month of February. In both 2018 and 2019, the increase was over 200% compared to the previous months, and this was the biggest increase reported throughout the year (see chart below).

A similar, yet less stable, trend was seen with websites using the word “chocolate”: in 2018 the increase was almost 500% in February, while in 2019 it was more modest at 39%.

Attackers use these words for two main purposes: first, to lure users who are likely interested in Valentine’s Day related websites, and second, to hide among the many legitimate Valentine’s Day websites that are in use at this time of year. In the first week of February 2020 alone we have seen over 10,000 domains containing the word “Valentine” being accessed by users across the globe. The threats on such websites vary and include online scams, theft of credentials or payment details, and malware infections.

Cyber criminals do not stop at deceptive website names; they also make good (or bad) use of deceptive email messages to lure users to phishing websites and even to spread malware. Last year it was reported that an email campaign was spreading GandCrab ransomware around Valentine’s Day with email subjects such as “This is my love letter to you”, while this year we already see some examples of such Valentine’s themes, which might be part of a wider campaign that will be spread later in the month. The first email is part of an Ursnif campaign using the subject “I browse your profile, and I love it… So, these are my best photos…”, which may relate to a known Valentine’s Day scam: online dating scams.

The other malicious files were part of an Emotet botnet campaign. Emotet is currently the most prominent malware and is known to be spread via widespread spam campaigns.

Those campaigns often relate to major events (such as the Halloween and Christmas campaigns that we reported on a few months ago) to lure victims into downloading the malware. This time the malicious files were sent in a spam email with subjects such as “I cannot imagine my life alone. I need a beloved one”.

As part of the Check Point Sandblast Zero-Day Protection solution, Threat Emulation prevents infections from new malware and targeted attacks. This innovative zero-day threat sandboxing capability within the Sandblast solution delivers the best possible catch rate for threats. It is also virtually immune to attackers’ evasion techniques.

How can you avoid falling victim to these scam attempts? Our recommendations for a safer online experience are:

  1. Verify you are ordering online from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.
  2. Beware of “special” offers. An 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity.
  3. Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
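
The third recommendation and the keyword trend described above can be turned into a simple triage check for domains seen in proxy or DNS logs. This is an added example, not code from Check Point or the original article; the brand watchlist, the distance threshold, the digit-for-letter table and the sample domains are all constructed assumptions.

```python
# Triage sketch: a seasonal keyword alone is a weak signal (legitimate sites
# use it too), so it is reported separately from lookalike matches.
SEASONAL_KEYWORDS = ("valentine", "chocolate")          # words tracked in the article
KNOWN_BRANDS = {"examplegifts", "samplechocolates"}     # hypothetical watchlist
CONFUSABLES = str.maketrans("013457", "oleast")         # 0->o 1->l 3->e 4->a 5->s 7->t
MAX_DISTANCE = 1                                        # assumed threshold

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_label(domain):
    """Second-level label; naive split that ignores suffixes such as co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def triage(domain):
    """Return the reasons a domain deserves a closer look (empty list = none)."""
    reasons = []
    hits = [k for k in SEASONAL_KEYWORDS if k in domain.lower()]
    if hits:
        reasons.append("seasonal keyword: " + ",".join(hits))
    label = registrable_label(domain)
    # Undo digit-for-letter swaps and hyphen padding before comparing.
    normalized = label.translate(CONFUSABLES).replace("-", "")
    for brand in sorted(KNOWN_BRANDS):
        if label == brand:
            continue  # exact match is the watched brand itself
        if brand in normalized or edit_distance(normalized, brand) <= MAX_DISTANCE:
            reasons.append("lookalike of " + brand)
    return reasons

if __name__ == "__main__":
    # Constructed sample domains under the reserved .example TLD.
    for d in ("examplegifts.example", "examp1egifts.example",
              "valentine-cards.example", "samplechocolate.example"):
        print(d, "->", triage(d) or "no findings")
```

A domain that reports both a seasonal keyword and a lookalike match is the one to review first; keyword-only hits mostly reflect ordinary seasonal traffic.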