Valentine’s Day a hot bed for cybercriminals

Always think twice before clicking on 'too good to be true' online deals and rather go directly to a retailer’s website or app to buy gifts for your loved ones

Large-scale festivals, or events which generate a substantial volume of online sales, are a prime target for cybercriminals.

Case in point being Valentine’s Day, where security experts have urged residents across the UAE to remain extra vigilant as they shop for flowers and gifts for their loved ones. They have also stated that residents aren’t the only demographic to be targeted, with many cybercriminals looking to crack through the defenses of large companies as well.

“On Valentine’s Day, even cyber attackers look for love,” said Manikandan Thangaraj, VP at ManageEngine. “However, for them, love is all about getting their hands on sensitive corporate data. The fact that many people nowadays use public or home networks, along with unmanaged devices, to get work done has made it easier for attackers. Every year, around this time, we witness numerous cyberattacks that take advantage of individuals looking for gifts and special sale offers to present to their loved ones.”

Customised phishing and drive-by download campaigns, he explained, are used as the means to get an initial foothold into a company’s network. From here, sophisticated attacks such as ransomware could also be launched. To make sure attackers don’t take any piece of their network, organisations need to educate their employees about safe practices, and they should also have the right event management solution in place to detect signs of initial access, lateral movement, privilege escalation, and data exfiltration.

“Cybercriminals won’t not love it, but the organisations they target will,” Thangaraj said.

Wafic Daya, Advanced Cyber Fusion Center Lead at Axon Technologies, also highlighted the fact that many people will be trying their luck in online dating, making some an easy target for online imposters lurking behind false profiles and fabricated pictures. An obvious method for imposters, but if someone with very attractive pictures reaches out to you on a social network, expressing their interest to start a romantic relationship, then it is probably a scammer trying to con you out of cash, he said.

“Remember, the scammers’ goals are mostly with the intention of having a financial gain,” Daya said. “It is always crucial to verify the authenticity of the profile of the person you are communicating with. Try to ensure that it is always the same person in all the pictures. Double-check the date the photo was uploaded – are they posted in the same short timespan? If yes, then they’re most probably fake.”

Scammers, he said, are lazy and often impatient. Check their friends and followers, as well as any Likes, and comments on the pictures. Also, check if they have a detailed bio, and if there are any locations or captions on their posts. If their profile lacks social interaction from authentic acquaintances, then that’s also another red flag.

“Never reveal too much information about yourself; don’t share anything that could lead you to extortion or blackmail. Never click on any random links; don’t send money or gifts to strangers. Keep your financial information confidential and never share any login credentials. Finally, always remember – if it’s too good to be true, then it probably is…” he warned.

Werno Gevers, regional manager, Mimecast Middle East, also noted how shopping and other online activities have exploded in the last couple of years, due to accelerated digital transformation, as well as the ongoing Covid-19 pandemic.

“Criminals capitalise on days like Valentine’s to trick people into handing over money or confidential information,” he said. “It has become really easy for criminals to impersonate well-known retailers by setting up fake websites that look remarkably like the real thing. They can easily direct consumers to malicious websites using pop-up ads or phishing links in marketing emails.”

Any legitimate Valentine’s deal will feature on the retailer’s website, so it is always better to go directly to the real website or use their mobile app, he cautioned. “Keep information such as names, address, and credit card details safe by not connecting to public networks such as those at coffee shops or airports, as these are invariably less secure and easier to compromise.”

He added: “Organisations will also need to go to greater lengths to protect their brands from cybercriminals who imitate their websites and e-mails, and launch phishing attacks on their customers. Companies need to implement brand exploit protection services that help protect their brands online, and use tools such as DMARC which limit the ability of threat actors to hijack their email domains for nefarious purposes.”

rohma@khaleejtimes.com