Beware 'I heart U' spam

By

Valentine's Day attacks may steal your identity or install malware on your PC.

While shops are stocking chocolates, cards and roses for Valentine's Day, cybercriminals are gearing up for the day of love, researchers say.


There are at least 50,000 unique Valentine's Day-themed spam emails in circulation said David Perry, global director of education for anti-virus maker Trend Micro.

Many spoof well-known floral companies and supposedly offer discounts on flowers or Valentine's Day merchandise.

“Don't trust any unsolicited email, ever,” Perry said.

A campaign aims to trick lovers into parting with their email addresses when unsubscribing from future offers, Cristina Buenviaje, an anti-spam research engineer at Trend Micro, wrote in a blog post Wednesday.

The messages, which come with the subject line “Send your Valentine Flowers – from $19.99 with a vase” have a legitimate-looking advertisement for discounted flowers. Clicking an “order now” button redirects users to a site that says the offer is no longer available. 

Suspicious users who try to unsubscribe are redirected to a page that tells them to enter their email address to stop receiving messages.

“Users should never unsubscribe from anything they didn't subscribe for in the first place,” Buenviaje wrote. “Entering your email address into this page is like handing it over to spammers.”

Other threats could come from e-cards, which may even look like they were sent from someone a love interest, Perry warned.

With fake e-cards, users are often told they need to install software to view the card, said Randy Abrams, director of technical education at anti-virus maker ESET. But the software usually leads to rogue anti-virus programs or other malware being installed on a victim's PC. 

Users should be careful not to click on links or attachments contained in unsolicited emails or instant messages.

Meanwhile, researchers at ESET have already discovered malware on sites with the word “valentine” in the URL, Abrams said.

“Typically, as we get much closer to Valentine's Day, we see an increase in attacks,” he said.

Cybercriminals will likely use search engine optimisation tactics to “poison” Valentine's Day web queries so their malicious links appear near the top of search results.

“Searches related to Valentine's Day start to surge at this time each year,” Abrams said.

“The criminals know what people are looking for and will try to snare uses by optimizing results to drive traffic to their malware.”

Attackers will also likely distribute Valentine's Day-themed malware campaigns on social networking sites such as Facebook, Perry said.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?