HOME
NEWS

Cyber Criminals are Going after Valentine’s Day Shoppers


By VARINDIA - 2022-02-10
Cyber Criminals are Going after Valentine’s Day Shoppers

Check Point Research (CPR) sees a spike in malicious activity targeting Valentine’s Day shoppers. In January, CPR documented a 152% jump in domain registrations themed around Valentine’s Day, where 6% were deemed malicious. Fifty five percent of those domains were marked suspicious. CPR also shares a real example of a spoofed domain imitating the brand “The Million Roses” that attempted to trick shoppers into giving up personal information. CPR urges shoppers this year to beware of ‘too good to be true’ offers, watch out for suspicious password reset emails and to avoid oversharing personal information. Malicious domain registration is a go-to tactic by cybercriminals looking to capitalize on the excitement of major shopping events.

 

One out of every 371 malicious emails tracked by CPR traced to the theme of Valentine’s Day

CPR graphs the number of newly registered domains per month over the past three years

CPR shares five safety tips for Valentine’s Day shoppers

 

Check Point Research (CPR) sees an increase in malicious activity targeting shoppers seeking to buy gift’s for Valentine’s Day. In January, CPR documented a 152% increase in domain registrations themed around Valentine’s Day, compared to the month of December. Of those domains, 6% percent were deemed malicious by CPR, and 55% were deemed suspicious. All in all, one out of every 371 malicious emails tracked by CPR recently traced to the theme of Valentine’s Day.

 

The registration of theme-specific, spoofed domains is a tactic that cybercriminals use to take advantage of a specific event in order to lure victims into a trap of revealing personal information.

 

Comparing Years

CPR has graphed below the number of newly registered domains per month over the past three years. This year, the rise in newly registered domains jumped by a triple digit percentage, similar to 2021 and 2020.

 

CPR has graphed below the number of newly registered domains per month over the past three years. This year, the rise in newly registered domains jumped by a triple digit percentage, similar to 2021 and 2020.

 

 

 

 

 

Example: Spoof of “The Million Roses”

CPR found an example of a phishing scam attempting to target Valentine’s Day shoppers. The malicious phishing email used “The Millions Roses” branding to lure victims into purchasing gifts for Valentine’s Day. In the following example, the fraudulent email (see figure below) was sent from a spoofed address. The fraudulent email listed a company address that was different from the legitimate “The Million Roses” brand. The subject line used was “Give your Valentine an unforgettable Valentine's Day Gift.”

 

This is a sign that the email is from a dubious source, and the website is fake. Anyone who clicked on the link in the email would have been redirected to a fraudulent malicious link, currently inactive, which tried to imitate “The Million Roses” website.”

 

 

From: The Million Roses® (w0XzqB8i96@tren-jPBDfGZ[.]com)

Subject: Give your Valentine an unforgettable Valentine's Day Gift.

Quote: Omer Dembinsky, Data Group Manager at Check Point Software:

 

Cyber criminals are going after Valentine’s Day shoppers intensely this year. We’ve seen a staggering 152% jump in domain registrations themed around Valentine’s Day in January, where a good amount of those domains are either malicious or suspicious. Cyber criminals are looking to take advantage of the moment. They’re aim is to dupe shoppers into making ‘purchases’ on their sites, but really it’s a decoy to steal personal information, which could lead to whole host of problems for victims. Credit card fraud and personal identity theft are potential examples of what cyber criminals are capable of this Valentine’s Day season. To avoid these traps, I strongly urge Valentine’s Day shoppers to be suspicious of password reset emails, to beware of too good to be true offers and look for spelling and grammar errors. Any one or a combination of these are red flags, and should tip you off that you’re in front of a trap set up by a cyber criminal.”

 

Security Tips for Valentine’s Day Shoppers this Year

ALWAYS be suspicious of password reset emails: By sending a fake password reset email that directs you to a lookalike phishing site, attackers can convince you to type in your account credentials and send those to them. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password).

 

Never EVER share your credentials: Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. As a result, phishing attacks are designed to steal login credentials in various ways

BEWARE of too good to be true buying offers, as they are really too good and not true: An 80% discount on a new iPhone or an item of jewelry is usually not a reliable or trustworthy purchase opportunity.

ALWAYS verify you are ordering online from an authentic source: Do NOT click on promotional links in emails, instead Google your desired retailer and click the link from the Google results page.

Look for linguistic Errors: Spelling and grammar errors are another sign of phishing emails. Most companies use spell check, so these typos should raise suspicion because the email may not originate from the claimed source.

 

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA