Kaspersky Lab said that they detected a sharp increase in phishing threats in the weeks leading up to Valentine’s Day. In the first two weeks of February, the total number of attempts to visit fraudulent websites more than doubled, compared to the same time frame in 2018. Experts found that many of these phishing attempts aimed to exploit emotions around Valentine’s Day by using romance-themed messages and links.
Phishing is one of the easiest and most popular social engineering techniques in a cybercriminal’s arsenal. In this type of attack, cybercriminals use fraud and deception to trick consumers into sharing personal information, such as email addresses, passwords, credit card numbers and bank account details. Phishing emails and websites are usually disguised to look legitimate by imitating known brands, so that recipients are more willing to enter their personal data. Major news items, such as popular sporting events or holidays like Valentine’s Day, are often a key driver of phishing campaigns.
The overall number of attempts to visit fraudulent websites that were detected and blocked by Kaspersky Lab solutions peaked dramatically in the first half of February 2019. This number rose from over 2 million attempts in the first two weeks of February 2018, to 4.3 million this year. Kaspersky Lab found that the most affected countries were Brazil (6.4% of detections), Portugal (5.8%), Venezuela (5.5%), Greece (5.3%) and Spain (5.1%).
Further analysis into the phishing emails detected during this time frame revealed that fraudsters were frequently offering pre-order gift items and performance enhancing drugs. These messages were aimed at exploiting consumers’ emotions around Valentine’s Day, and luring them into sharing their personal information.
Kaspersky Lab advises the following tips for consumers to stay safe from phishing threats, both during the Valentine’s Day season and throughout the year:
-Phishers often take advantage of emotions, including those connected with relationships and love, to spread fraudulent sites. Signs that there could be phishers aiming to exploit your emotions include messages that demand immediate action, ask for vast amounts of personal and seemingly irrelevant information, or which simply sound too good to be true.
-Pay extra attention to emails promising ‘one time only’ offers or goods for free. If emails come from people or organizations you don’t know, or have suspicious or unusual addresses, do not respond. Do not click on links until you are sure that they are legitimate and start with ‘https’, especially when they ask for personal or financial information.
-Consider opening a separate bank card and account with a limited amount of money on it, used specifically for making purchases online. This will help to avoid substantial financial losses if your bank details are stolen through a phishing attack.