Beware Valentines Day Phishing Attacks.

Posted by C Henry on Tue, Feb 7th, 2023

Scammers want to get close to you this Valentine's Day. Phishing scams always rise during the holidays and  Valentine’s Day is no exception. Valentine’s Day offers spammers and scammers the perfect opportunity to lure people into opening their wallets or giving away  personal information under the deceptive guise of love. 

Scammers will send massive email campaigns to dupe victims into handing over personal information.  If you get a Valentine’s Day email from someone you don’t know, do not click on anything.  Don’t follow the link.  For instance, you may get an email asking you to confirm your recent order from a fake online florist. Organised cyber criminals send out thousands of emails to unsuspecting victims and  create fake florist websites specifically for the purposes of phishing. 

Here are some tell-tale signs of a phishing email:

1. Does the sender name EXACTLY match other emails from the same party? If not, it could be packing malware.

2. If you're asked to reply with confidential data, be suspicious. A legitimate business will not ask for your username and/or password or to click a link to change your password. 

3. The offer seems to good to be true.  Remember that even if you know the sender, the sender’s address book could have been hijacked and used to disseminate phishing emails.

4. The email threatens you with dire consequences if you do not comply:

“Your computer has a virus” – This is a trick in email and website pop-up advertisements. You are asked to download a “security package” to combat the virus. Unfortunately, rogue security programs are one of the most common sources of malware infection. Ignore warnings about malware from any source except your verified antimalware program.
The email asks for “urgent” or “immediate” action, particularly involving financial transactions.. Confirm any such requests by telephone or, better yet, in person. Check with managers at your company before clicking on or replying to such emails.

5. An email contains an attachment that purports to be an order confirmation or receipt.   Think: have you ordered anything from that company? If so, do past emails have the same format and look? It is better in general to access information on an official website than to click links in an email or download an email attachment.

6. The email has an attachment with some non-standard document extension - attachments are a major source of infection. A standard document extension for Microsoft Office would be one ending in .docx , xlsx, or .pptx. These should be OK. But if the extension ends “m” (for macro), the document contains some embedded code that may execute when you open the document. Any Adobe Reader .pdf or zip file .zip document can contain malicious website links or malicious JavaScript files that could unleash a malware infection. The best advice is to check with the sender before downloading an attachment.

7. The sender’s email address does not seem to match the contents - Does it make sense that an email from UPS would come from an address such as j.shi@jung.com? Probably not. How about from no.reply@up.s.com? Notice the periods. This is not from UPS, it is from up.s. The "from" address in an email can be faked. Do not assume that if it comes from a known address that it is legitimate.

8. The wording of the email is awkward. – Does the content appear to be proper English (or whatever language it should be)? 

Preventing a Succesful Valentines Day Phishing Attack

To prevent these attacks, organisations need to remain vigilant and follow proven guidelines such as not clicking on links or attachments in unsolicited emails. To avoid becoming a victim of a phishing attack this valentines there are a few simple rules:

• Don't trust any unsolicited email, ever.
• Never “unsubscribe” from a service you haven’t subscribed for in the first place. You are literally handing your email address to spammers to use for future and possibly more targeted attacks.
• If you're interested in an offer contact the company behind the message by phone and verify that the message is genuine.
• Keep your company email security solutions valid and up to date so that you can secure your organisations network.
• Employees and other insiders actions are responsible for the majority of security breaches, a culture of security awareness is an important factor in preventing these security failures.
• Remember if you receive notice of a Valentine's deal via email or on a social network, that sounds too good to be true, it probably is!.

Spotting Valentines Day Phishing Scams with SafeTitan Security Awareness Training

SafeTitan is the only behaviour-driven security awareness solution that delivers security training in real-time. It consists of fully automated simulated phishing attacks with thousands of templates. Reinforce your strongest line of defense with SafeTitan employee behaviour-driven training with an extensive library of training courses, videos & quizzes.

Use only trustworthy and reliable websites for online shopping and sending e-cards to your loved ones. Whatever your romantic status, don’t fall for these common traps that are sure to pop up this Valentine’s Day. Find out how TitanHQ can train your employees to spot phishing and other targeted attacks.