[Security] Valentine’s Day Scams

As February 14 approaches we are likely to see more malware using love and roses to reel in more victims. This time last year, ESET Latin America put together a blog post with more examples of Valentine scams, so that readers would be better prepared when surfing the Internet. What follows is a summary of their advice.
1. Malware in social networks

Social networks are a major vector for attacks using social engineering. We hate to pour water on romantic inclinations, but all posts in social media relating to the Valentine theme, especially eye-catching messages about special offers and exclusive gifts should be regarded with suspicion, in order to avoid infection and forestall potential threats.

While this example is from Twitter, various kinds of scams exploiting gift cards and other special offers are also seen frequently on Facebook.

In particular, be wary of messages that direct you to web pages using shortened hyperlinks, such as this one frombit.ly. While bit.ly is a very reputable service, it can be abused by the bad guys, looking for a way to mask the final destination of a link. In fact, these types of links have become a fundamental component of the attacker’s toolkit. If you feel you really need to check out where a bit.ly link goes without clicking it, enter a plus sign on the end of the link in the browser URL field (like this: http://bitly.com/w5LAnh+) and you will get a page at bitly.com that shows you the final address.
2. BlackHat SEO

After social networks, search engines are the primary means used by the attackers to lure users to malicious sites. This is done using BlackHat SEO (Search Engine Optimization) techniques, intended to ensure that malicious websites come at or near the top in Google and other searches on keywords related to Valentine's Day. We have a short video that explains this type of search engine poisoning. Sometimes poisoned SEO results lead to sites that simply waste your time with survey scams while executing click-jacking to defraud advertisers. Remember, nobody is going to give you a $1,000 gift card for your opinion about Pepsi v. Coke or how often you use the Internet.
3. Fake Greetings Cards

If there is a cybernetic gift preferred by lovers, it is the Valentine's Day greetings card. Cybercriminals are well aware of this, which is why they circulate fake cards and fake weblinks purporting to point to such cards: in fact, they’re pointing to malicious code.
4. Privacy and theft of information

Malware isn’t the only type of threat to keep in mind. For reasons related to Valentine's Day, there are many applications associated with social networks (especially Facebook) that take advantage of their victims’ romantic susceptibilities to trick them into giving them access to far too much information.

As with any applications, either on Facebook or on your smartphone, be careful and check what permissions new applications are demanding before accepting!

5. “Russian Bride”

Of course, Valentine's day is not just for couples. For many single people, this is a date on which they too are more susceptible to romantic feelings and advances. So it’s not surprising that we also tend to see greater volumes of emails trying to deceive them:

While these examples, all including Russian web-links, indicate a particularly frank sexual content, we often see emails where the content is less physical and more romantic. These scams are purportedly made on behalf of beautiful women in search of love: however, it’s your money they love rather than you.

[ Via ESET ]


Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

[Security] Internet blackout scheduled in protest of SOPA