Love Gone Phishy: Check Point Research Exposes Valentine’s Day Cyber Threats

Key Findings

• In January 2025, we observed over 18,000 new Valentine’s/love-related websites, marking a 5% increase compared to the previous month.
• Of these, 1 in 72 newly registered websites were identified as malicious or risky.
• Specifically focusing on Valentine’s-related websites, there was a 123% increase in newly registered websites in the past month, which aligns with trends seen in previous years (see visual below).

Example of an email campaign

In late January, Check Point Research (CPR) uncovered a phishing email campaign targeting consumers with a fraudulent offer to win a “Valentine basket.” The emails, which featured the subject line “You won … Valentine basket,” were nearly identical, differing only in the store name. Each message encouraged recipients to answer a few questions in exchange for a basket, displaying the same enticing image across all emails.

The attackers attempted to lure victims into clicking malicious links, falsely promising the reward. These links have also been flagged as phishing by many security engines and were likely designed to steal personal and payment information.

Examples of emails from the same phishing campaign impersonating popular brands such as Costco, 1-800 Flowers, and Walmart

Unloving A Phishing Attempt

• Avoid Engaging with the email: Never interact with a suspected phishing message. If an email contains an unfamiliar link, unexpected attachment, or requests a response, refrain from clicking, opening, or replying.
• Remove the email after reporting: Once reported, delete the suspicious email from your inbox to prevent accidental interaction in the future.
• Never share your credentials: Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. As a result, phishing attacks are designed to steal login credentials in various ways
• Beware of too good to be true offers: as they really are too good –  and not true. An 80% discount on a new iPhone or an item of jewelry is usually not a trustworthy purchase opportunity.
• Always verify you are ordering online from an authentic source: Do not click on promotional links in emails, instead Google your desired retailer and click the link from the Google results page.

Defending Against Phishing Attacks

Phishing remains one of the most prevalent cyber threats due to its simplicity and high success rate. While staying informed about phishing tactics and best practices is essential, advanced security solutions can help detect and prevent these threats before they cause harm.

Check Point Harmony Email & Collaboration Suite Security offers comprehensive protection for Microsoft 365, Google Workspace, and collaboration platforms, safeguarding users from phishing, malware, and other email-based threats.