Cyber Criminals are Going after Valentine’s Day Shoppers

February 2022 by Check Point Research (CPR)

Check Point Research (CPR) sees a spike in malicious activity targeting Valentine’s Day shoppers. In January, CPR documented a 152% jump in domain registrations themed around Valentine’s Day, of which 6% were deemed malicious. Fifty-five percent of those domains were marked suspicious. CPR also shares a real example of a spoofed domain imitating the brand “The Million Roses” that attempted to trick shoppers into giving up personal information. CPR urges shoppers this year to beware of ‘too good to be true’ offers, watch out for suspicious password reset emails and avoid oversharing personal information. Malicious domain registration is a go-to tactic for cybercriminals looking to capitalize on the excitement of major shopping events.

• One out of every 371 malicious emails tracked by CPR traced to the theme of Valentine’s Day
• CPR graphs the number of newly registered domains per month over the past three years
• CPR shares five safety tips for Valentine’s Day shoppers

Check Point Research (CPR) sees an increase in malicious activity targeting shoppers seeking to buy gifts for Valentine’s Day. In January, CPR documented a 152% increase in domain registrations themed around Valentine’s Day, compared to the month of December. Of those domains, 6% were deemed malicious by CPR, and 55% were deemed suspicious. All in all, one out of every 371 malicious emails tracked by CPR recently traced to the theme of Valentine’s Day.

The registration of theme-specific, spoofed domains is a tactic that cybercriminals use to take advantage of a specific event in order to lure victims into a trap of revealing personal information.

Comparing Years

CPR has graphed below the number of newly registered domains per month over the past three years. This year, the number of newly registered domains rose by a triple-digit percentage, similar to 2021 and 2020.

Example: Spoof of “The Million Roses”

CPR found an example of a phishing scam attempting to target Valentine’s Day shoppers. The malicious phishing email used “The Million Roses” branding to lure victims into purchasing gifts for Valentine’s Day. In the following example, the fraudulent email (see figure below) was sent from a spoofed address. The fraudulent email listed a company address that was different from that of the legitimate “The Million Roses” brand. The subject line used was “Give your Valentine an unforgettable Valentine’s Day Gift.”

This is a sign that the email is from a dubious source, and the website is fake. Anyone who clicked on the link in the email would have been redirected to a fraudulent malicious link, currently inactive, which tried to imitate “The Million Roses” website.

Omer Dembinsky, Data Group Manager at Check Point Software:
“Cyber criminals are going after Valentine’s Day shoppers intensely this year. We’ve seen a staggering 152% jump in domain registrations themed around Valentine’s Day in January, where a good amount of those domains are either malicious or suspicious. Cyber criminals are looking to take advantage of the moment. Their aim is to dupe shoppers into making ‘purchases’ on their sites, but really it’s a decoy to steal personal information, which could lead to a whole host of problems for victims. Credit card fraud and personal identity theft are potential examples of what cyber criminals are capable of this Valentine’s Day season. To avoid these traps, I strongly urge Valentine’s Day shoppers to be suspicious of password reset emails, to beware of too good to be true offers and look for spelling and grammar errors. Any one or a combination of these are red flags, and should tip you off that you’re in front of a trap set up by a cyber criminal.”

Security Tips for Valentine’s Day Shoppers this Year:

• ALWAYS be suspicious of password reset emails: By sending a fake password reset email that directs you to a lookalike phishing site, attackers can convince you to type in your account credentials and send those to them. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password).
• Never EVER share your credentials: Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. As a result, phishing attacks are designed to steal login credentials in various ways.
• BEWARE of too good to be true buying offers, as they are really too good and not true: An 80% discount on a new iPhone or an item of jewelry is usually not a reliable or trustworthy purchase opportunity.
• ALWAYS verify you are ordering online from an authentic source: Do NOT click on promotional links in emails; instead, Google your desired retailer and click the link from the Google results page.
• Look for linguistic errors: Spelling and grammar errors are another sign of phishing emails. Most companies use spell check, so these typos should raise suspicion because the email may not originate from the claimed source.

