With Valentine’s Day approaching, lovers around the world are working on finding the best way to celebrate with their loved ones.
Meanwhile, cyber criminals around the world also seem to be caught up in the spirit of this unique day.
Over the past two years, Check Point Research has identified the use of the word “Valentine” within malicious websites during the month of February.
In both 2018 and 2019, the increase was over 200% compared to the previous months, and this was the biggest increase reported throughout the year.
A similar, yet less stable trend was seen with websites using the word “chocolate” – in 2018 the increase was almost 500% in February, while in 2019 it was more modest at 39%.
The use of these words by attackers serves two main purposes: firstly, luring the users who are likely interested in Valentine’s Day related websites and secondly, hiding among many other legitimate Valentine’s Day websites that are used during this time of year.
In the first week of February 2020 alone, we have seen over 10 000 domains containing the word “Valentine” being accessed by users across the globe. The threats in such websites can vary and include online scams, credentials or payment details theft and malware infections.
Cyber criminals do not only stop at deceptive website names, they also make good (or bad) usage of deceptive email messages in order to lure users to phishing websites and even to spread malware.
Last year it was reported that an email campaign was spreading GandCrab Ransomware around Valentine’s Day with email subjects such as “This is my love letter to you”, while this year we already see some examples of such Valentines themes, which might be part of a wider campaign that will be spread later in the month.
The first email is part of Ursnif campaign using the subject “I browse your profile, and I love it… So, these are my best photos…” which may relate to a known Valentine day scam – online dating scams.
The other malicious files were part of Emotet Botnet campaign, which is the most prominent malware currently, known to be spread via widespread Spam campaigns.
Those campaigns often relate to major events (such as Halloween and Christmas campaigns) to lure the victims to download the malware. This time the malicious files were sent in a spam email with subjects such as “I cannot imagine my life alone. I need a beloved one”.