Crooks try to romance users with Valentine's Day spam

Share this article:

Eat your heart out, cupid. Valentine's Day still is nearly two weeks away, but the lover's holiday is already attracting the attention of the web's criminal element.

Researchers at Trend Micro on Monday said they have spotted two spam campaigns — one promoting a fake gift card promotion, the other counterfeit watches — in the wild, Maria Alarcon, an anti-spam engineer, said Monday in a blog post. As Valentine's Day nears, internet users should expect the scams to get more malevolent.

"Every special occasion and/or holiday is, in today's threat-laden internet landscape, not just a time for people to celebrate but also a time for spammers to scam unwitting users with their devious scams," Alarcon said, adding that in more malicious cases, the fraudulent emails show up containing links or attachments to viruses.

And if previous holidays and media events are any indication, users also should be on the lookout for poisoned search results, also known as black hat search engine optimization (SEO). Attackers use this tactic to get their malicious links near the top of search results so users are fooled into believing the results are legitimate.

Black hat SEO is the new spam, Mike Geide, senior security researcher at Zscaler, a web security firm, said in a blog post last week. The recent Haiti earthquake is a prime example of this, he said.

"It used to be that when you checked your email and/or email spam folder, there would be a slew of messages with links or attachments that would have titles related to the popular subjects of the time, and would be used to spread malware," he said. "Now the game seems to be that you sip your morning coffee and browse the web — largely driven from search results from Google. However, many of these search results cannot be trusted."

Google has said it uses manual and automated processes to remove malware from its search index.

Share this article:

Sign up to our newsletters

More in News

Errors in ZeroLocker means paying ransom may not decrypt files

A piece of ransomware known as ZeroLocker contains various errors that may prevent files from being decrypted even if the ransom is paid.

Rogue AV scammers find success with new tatics

Although the number of rogue anti-virus malware campaigns have decreased overall, the threat isn't totally gone, according to researchers at Microsoft.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.