Application security, Incident Response, Malware, TDR

Valentine’s Day-themed spam already rampant

While stores are busy stocking chocolates, cards and red roses in preparation for Valentine's Day, cybercriminals are also gearing up for the day of love, researchers have warned.

In fact, there are already at least 50,000 unique Valentine's Day-themed spam emails in circulation, David Perry, global director of education for Trend Micro, told SCMagazineUS.com on Thursday. Many of the junk messages spoof well-known floral companies and supposedly offer discounts on floral arrangements or other Valentine's Day merchandise.

“Don't trust any unsolicited email, ever,” he said.

One Valentine's Day-themed spam campaign is aiming to trick users into handing over their email addresses when attempting to unsubscribe from future offers, Cristina Buenviaje, an anti-spam research engineer at TrendMicro, wrote in a blog post Wednesday.

The messages, which come with the subject line “Send your Valentine Flowers – from $19.99 with a vase,” contain a legitimate-looking advertisement for discounted floral arrangements. Clicking an “order now” button redirects users to a site that says the offer is no longer available. 

Seeing the expired offer page may cause users to become suspicious and attempt to unsubscribe from future correspondence. Clicking a link to unsubscribe leads to a page that instructs users to enter their email address to stop receiving future messages.

“Users should never ‘unsubscribe' from anything they didn't subscribe for in the first place,” Buenviaje wrote. “Entering your email address into this page is like handing it over to spammers.”

Other threats could come in the form of Valentine's Day-themed e-cards, which may even look like they have been sent from someone a recipient knows, Perry warned.

With fake e-cards, users are often told they need to install software to view the card, Randy Abrams, director of technical education at ESET, told SCMagazineUS.com in an email Thursday. The software, though, usually leads to rogue anti-virus programs or other malware being installed on a victim's PC. 

Users should be careful not to click on links or attachments contained in unsolicited emails or instant messages.

Meanwhile, researchers at ESET have already discovered malware on several sites with the word “valentine” in the URL, Abrams said.

“Typically, as we get much closer to Valentine's Day, we see an increase in attacks,” he added.

Cybercriminals will likely use search engine optimization tactics to “poison” Valentine's Day-related web queries so their malicious links appear near the top of search results.

“Searches related to Valentine's Day start to surge at this time each year,” Abrams said. “The criminals know what people are looking for and will try to snare uses by optimizing results to drive traffic to their malware.”

Attackers will also likely distribute Valentine's Day-themed malware campaigns on social networking sites such as Facebook, Perry said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.