Retail News South Africa

No love on the net as criminals attack Valentine's Day

This Valentine's Day, South Africans can expect the quest for love to be leveraged as an effective social engineering ploy that lets the bad guys infect unsuspecting users with malicious code.

"Malware authors, always eager to exploit their victims' susceptibility and curiosity, see great potential for 'romantic' hyperlinks that allegedly lead to greetings cards, poems, songs or videos. Apart from the disappointment that the victim might experience when they realise that the secret admirer is fictitious, there's also the significant issue of the risk to all their sensitive financial information," comments Carey van Vlaanderen, CEO of ESET Southern Africa.

Scam technique

The victim receives an email 'greetings card' that purports to be a declaration of love, which appeals directly to the reader's romantic spirit. Then, to encourage them to download malware, the letter ends with three ellipses and a link inviting them to read the 'full message', which in reality leads to malicious content.

"Today we are likely to see more malware using love and roses to reel in yet more victims," says van Vlaanderen.

If there is no antivirus software running on the victim's computer and this Trojan file is downloaded and executed, then Injector.HVG proceeds to modify the victim's hosts file in order to divert them from certain banking sites to pages that look similar to the original, but are actually phishing sites created by cybercriminals with the sole purpose of tricking the victim into disclosing his or her bank details.
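Hosts-file tampering of this kind can be caught by checking the file for entries that pin banking domains to a fixed address, since those names should normally be resolved through DNS. The script below is an added example, not code from the article or from ESET; the watched domains and the sample hosts content are constructed placeholders.

```python
import ipaddress

# Constructed watch list: replace with the banking domains your users rely on.
WATCHED = ("bank.example", "onlinebanking.example")

# Constructed sample in hosts-file format; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example   # appended entry
198.51.100.7    Login.OnlineBanking.Example.
0.0.0.0         ads.tracker.example
not-an-ip       bank.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop inline comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname, watched=WATCHED):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return one finding per watched hostname that the hosts file overrides."""
    return [
        {"line": line_no, "host": name, "ip": str(ip)}
        for line_no, ip, name in parse_hosts(text)
        if is_watched(name, watched)
    ]

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} pinned to {f['ip']}")
```

Any finding warrants investigation of how the entry got there, not just deletion of the line.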

Alerts

  1. Malware in social networks

     Social networks are a major vector for attacks using social engineering. "We hate to pour water on romantic inclinations, but all posts in social media relating to the Valentine theme, especially eye-catching messages about special offers and exclusive gifts should be regarded with suspicion, in order to avoid infection and forestall potential threats."

     In particular, be wary of messages that direct to web pages using shortened hyperlinks, such as those from bit.ly. While bit.ly is a very reputable service, bad people, looking for a way to mask the final destination of a link, can abuse it. In fact, these types of links have become a fundamental component of the attackers' toolkit. If you feel you really need to check out where a bit.ly link goes without clicking it, enter a plus sign on the end of the link in the browser URL field (like this: http://bitly.com/w5LAnh+) and you will get a page at bitly.com that shows you the final address.

  2. BlackHat SEO

     After social networks, search engines are the primary means used by the attackers to lure users to malicious sites. This is done using BlackHat SEO (Search Engine Optimization) techniques, intended to ensure that malicious websites come at or near the top in Google and other searches on keywords related to Valentine's Day. "Sometimes poisoned SEO results lead to sites that simply waste your time with survey scams while executing click-jacking to defraud advertisers. Remember, nobody is going to give you a $1,000 gift card for your opinion about Pepsi v. Coke or how often you use the Internet," he adds.

  3. Fake Greetings Cards

     If there is a cybernetic gift preferred by lovers, it is the Valentine's Day greetings card. Cybercriminals are well aware of this, which is why they circulate fake cards and fake web links purporting to point to such cards: in fact, they are pointing to malicious code.

  4. Privacy and theft of information

     Malware isn't the only type of threat to keep in mind. Around Valentine's Day, many applications associated with social networks (especially Facebook) take advantage of their victims' romantic susceptibilities to trick them into granting access to far too much information. As with any application, whether on Facebook or on your smartphone, be careful and check what permissions a new application is demanding before accepting!

  5. Russian Bride

     Of course, Valentine's Day is not just for couples. Many single people are also more susceptible to romantic feelings and advances on this date. It's therefore not surprising that we also tend to see greater volumes of emails trying to deceive them by offering fun, love and companionship. "These scams are purportedly made on behalf of beautiful women in search of love: however, it's your money they love rather than you," concludes van Vlaanderen.
