Valentine’s Day might be the time for love and romance, but it is also a time when cybercriminals will try and trick users with well-thought out phishing email campaigns. According to Check Point Research, there’s been a surge in malicious phishing email campaigns in the second half of January in the build up to Valentine’s Day.
The cybersecurity firm states that over 400 malicious Valentine’s Day themed individual phishing emails are spotted every week. It also noted that there was a 29 per cent year-on-year increase in Valentine’s Day themed domains registered in January, and out of the 23,000 domains, 523 were found malicious or suspicious.
Some campaigns try and trick users with fake shopping websites, given many users are looking to buy gifts online for their loved ones. For cyber-criminals this presents a good opportunity and many of the phishing emails offer products at unreasonably reduced prices.
One example that Check Point found was an email pretending to be from the jewellery retailer Pandora and offering items at very low prices. When you click on the link in the email, you are redirected to a fake Pandora webpage, which tries to imitate the look and feel of the real site, according to the cyber security firm.
Typically such emails have the company address written in lower-case, indicating that the email is from a dubious source and the website is fake. Check Point says that users should first check the official site on Google before clicking on any such offers sent via email.
While email is the most common vector used for phishing attacks, others such as phishing sites and text messages are also being used to steal user credentials. Check Point warns these can lead to devastating results such as data loss, fraudulent money transfers, etc.
“As mentioned, since these attacks are specifically designed to exploit the human nature of wanting a good deal, it is extremely important to prevent these attacks from ever reaching their desired victims – because even the most vigilant and cyber-savvy amongst us can sometimes get fooled,” the cybersecurity firm warned in a blog post.
How to avoid falling victim to these phishing attempts?
#Users should always check if they are ordering online from an authentic source. It is better to not click on promotional links sent via emails. One should try and search for an official link from Google results page.
#One should never share credentials with anyone. There are a lot of people who reuse usernames and passwords across many different accounts. So if by any chance hackers access one account, it will be much easier for them to access other online accounts. One should keep different and strong passwords for each account.
#If you receive an unsolicited password reset email, don’t click on embedded links. You should first visit the official website and change your password.
#Beware of “special” offers. Check Point says an 80 percent discount on an iPhone or an item of jewellery is “usually not a reliable or trustworthy purchase opportunity.”
#Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.