Share your love on Valentine’s Day, but keep your credentials to yourself



  • Valentine’s Day domains are up by 152% in January
  • Six percent of all new valentine’s day related domains found to be malicious, while 55% found to be suspicious
  • In the past month, one out of every 371 malicious emails were related to Valentine’s Day



Comparing Years


CPR has graphed below the number of newly registered domains per month over the past three years. This year, the rise in newly registered domains jumped by a triple digit percentage, similar to 2021 and 2020.


Valentine´s Days newly registered domains per month from 2019 to today

New Valentine’s Day Related Domains by Week


In January, CPR witnessed a 152% increase in new domains registered, compared to December. This year, 6% of the new domains were found to be malicious and 55% were found to be suspicious. In the past month, 1 out of every 371 malicious emails were related to Valentine’s Day.


Express your love with roses (while hackers steal your private credentials)


CPR found an example of a phishing scam focused on buyer fraud. The malicious phishing email used “The Millions Roses” branding to lure victims into purchasing gifts for Valentine’s Day. In the following example, the fraudulent email (see figure below) was sent from a spoofed address. The fraudulent email listed a company address that was different from the legitimate “The Million Roses” brand. This is a sign that the email is from a dubious source, and the website is fake. Anyone who clicked on the link in the email (https://firebasestorage[.]googleapis[.]com/v0/b/simo-71947[.]appspot[.]com/o/Dooring[.]html?alt=media&token=f39a49dd-96fd-4040-a3ba-de80ccc606eb) would have been redirected to a fraudulent malicious link, currently inactive, (https://jbrbro[.]page[.]link/doorring) which tried to imitate “The Million Roses” website.


From: The Million Roses® ([email protected][.]com)

Subject: Give your Valentine an unforgettable Valentine’s Day Gift.



Phishing is the most common type of social engineering


Phishing attacks occur when malicious actors send messages pretending to be a trusted person or entity. Phishing messages manipulate users into performing actions like installing a malicious file, clicking on a malicious link, or divulging sensitive information such as login credentials. Social engineering is an increasingly common threat vector used in almost all security incidents. Social engineering attacks, like phishing, are often combined with other threats, such as malware, code injection, and network attacks. Furthermore, phishing is the number one cause of ransomware. Since these attacks are specifically designed to exploit the human nature of wanting a good deal, it is extremely important to prevent these attacks from ever reaching their desired victims – because just one “wrong click” can cause tremendous damage.


How do you avoid falling victim to phishing scams? Here is what we recommend to spot the signs and stay protected:


Threats or a Sense of Urgency – Emails that threaten negative consequences should always be treated with skepticism. Another strategy is to use urgency to encourage or demand immediate action. Phishers hope that by reading the email in a hurry, they will not thoroughly scrutinize the content and will not discover inconsistencies.

Message Style
– An immediate indication of phishing is when a message is written with inappropriate language or tone. For example, if a colleague from work sounds overly casual, or a close friend uses formal language, this should trigger suspicion. Recipients of the message should check for anything else that could indicate a phishing message.

Unusual Requests
– If an email requires you to perform non-standard actions, it could indicate that the email is malicious. For example, if an email claims to be from a specific IT team and asks for software to be installed, but these activities are usually handled centrally by the IT department, the email is probably malicious.

Linguistic Errors
– Spelling and grammar errors are another sign of phishing emails. Most companies use spell check, so these typos should raise suspicion because the email may not originate from the claimed source.


Web Address Inconsistencies – Another easy way to identify potential phishing attacks is mismatched email addresses, links, and domain names. It’s a good rule of thumb to always cross reference previous communication with the email address.


Recipients should hover over a link in an email before clicking it to confirm the actual link destination. If the email is believed to be sent by The U.S. Postal Service, but the domain of the email address does not contain “”, that is a sign of a phishing email.

Request for Credentials, Payment Information or Other Personal Details
– In many phishing emails, attackers create fake login pages linked from emails that appear to be official. The fake login page typically has a login box or a request for financial account information. If the email is unexpected, the recipient should not enter login credentials or click the link. As a precaution, recipients should directly visit the website they think is the source of the email.




  • ALWAYS be suspicious of password reset emails: By sending a fake password reset email that directs you to a lookalike phishing site, attackers can convince you to type in your account credentials and send those to them. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password).
  • Never EVER share your credentials: Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. As a result, phishing attacks are designed to steal login credentials in various ways
  • BEWARE of too good to be true buying offers: as they are really too good and not true… An 80% discount on a new iPhone or an item of jewelry is usually not a reliable or trustworthy purchase opportunity.
  • ALWAYS verify you are ordering online from an authentic source: Do NOT click on promotional links in emails, instead Google your desired retailer and click the link from the Google results page.



Check Point’s anti-phishing solutions include different products that address different attack vectors – email, mobile, endpoint and network. The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.