Check Point Research (CPR) observes an escalation of malicious activity targeting Valentine's consumer consumers.
In January, CPR recorded a 152% increase in Valentine's Day domain registrations, with 6% considered malicious and 55% of these domains classified as suspicious.
• One of 371 malicious e-mails detected by CPR is related to Valentine's Day.
CPR plots the number of newly registered domains per month for the last three years
CPR Shares Five Safety Tips for Valentine's Consumers
Check Point Research (CPR) is finding an increase in malicious activity targeting shoppers wishing to buy Valentine's gifts. In January, CPR recorded a 152% increase in domain registrations for Valentine's Day, compared to December. Of these domains, 6 %% were considered malicious by CPR and 55% suspected. In all, one of the 371 malicious e-mails recently detected by CPR was on Valentine's Day.
Registering themed, fake domains is a tactic used by cybercriminals to exploit a specific event in order to lure victims into the trap of revealing personal information.
Comparison by years
CPR has shown below the number of newly registered domains per month over the last three years. This year, the growth of the newly registered sectors jumped by three digits, similar to 2021 and 2020.
Example: Forgery of "The Million Roses"
CPR has found an example of a phishing scam targeting shoppers for Valentine's Day. The malicious e-mail message used the name "The Millions Roses" to lure victims to a Valentine's gift shop. In the following example, the fraudulent email (see image below) was sent from a fake address stating a company address other than the legal brand "The Million Roses". The theme of the message was "Give your Valentine an unforgettable gift for Valentine's Day".
This is a sign that the email is coming from a dubious source and the site is fake. Anyone who clicked on the email link would be redirected to a malicious, currently inactive link trying to emulate The Million Roses.
From: The Million RosesÂ® (w0XzqB8i96 @ tren-jPBDfGZ [.] Com)
Subject: Give your Valentine an unforgettable gift for Valentine's Day.
Comment by Omer Dembinsky, Data Group Manager at Check Point Software:
"Cybercriminals are increasingly chasing consumers who intend to buy gifts on Valentine's Day this year. We saw an impressive 152% increase in domain name registrations on this day in January, where a large portion of them are either malicious or suspicious. Cybercriminals seek to exploit the moment. Their goal is to trick buyers into making "purchases" on their sites, but in reality it is a bait to steal personal information, which could lead to a lot of problems for the victims.
Credit card fraud and identity theft are possible examples of what cybercriminals can do. To avoid these pitfalls, I strongly urge Valentine's consumer consumers to be suspicious of password reset emails, watch out for good ones to be true quotes, and look for spelling and grammatical errors. "Any of them or a combination of them are red flags and should be a warning sign that they are in front of a trap set by a cyber criminal."
Safety tips for consumers on Valentine's Day this year
• ALWAYS be skeptical of password reset emails: Attackers can persuade you to enter your account credentials and send them to them. If you receive an unwanted password reset email, always visit the site directly (do not click embedded links) and change your password on this and any other site with the same password
• NEVER, NEVER share your credentials: Theft of credentials is a common target of cyber attacks. Many people reuse the same usernames and passwords on many different accounts, so stealing credentials for a single account is likely to give an attacker access to others.
• BEWARE of the very good ones to be true market offers, as they are really very good and not true: An 80% discount on a new iPhone or jewelry is usually not a reliable purchase opportunity.
• ALWAYS make sure you order online from an authentic source: Click on promotional links in emails, but do a Google search for the retailer you want and click the link on the Google results page.
• Look for language errors: Spelling and grammar errors are another sign of "phishing" emails. Most companies use spelling checkers, so these typos should raise suspicions because the email may not come from the supposed source.
Registration in iGuRu.gr via email
Follow us on Google News