Those on the lookout for love online should take heed—a quarter of Valentine’s Day-themed spam emails intercepted by Bitdefender’s filters between January 17 and February 8 were identified as scams aimed at defrauding recipients.

These scams, designed to steal money from unsuspecting consumers, often masquerade as harmless messages containing fake advertisements, promotions, giveaways and offers, as well as invitations to dating platforms.

Originating primarily from the United States, approximately 79% of the Valentine’s-themed spam correspondence carries the risk of financial exploitation for recipients, according to the report.

Alina Bizga, security analyst at Bitdefender, explained that phishing campaigns that coincide with Valentine’s Day are usually aimed at individuals looking to purchase gifts for their special someone.

“This year is no exception, with the bulk of scam messages targeting potential online shoppers with special deals on jewelry, flowers and other themed knick-knacks,” she explained.

Preferred tactics include setting up fake websites offering popular gifts at significantly reduced prices or baiting users with the chance to win cash prizes or vouchers that they can use to impress their loved ones.

“It seems cybercriminals opted to target potential shoppers more so than individuals looking for love this year,” Bizga added. “Additionally, cybercriminals are likely employing more AI tech into these types of seasonal scam campaigns to make them better and improve efficiency more this year than in the past.”

She explained that AI-generated phishing emails have some distinguishing features that include content tailored to the recipient’s interests and habits.

“Phishing emails that use machine learning algorithms can be highly personalized and appear more credible to the recipients,” Bizga said. “The lingo of the emails is highly improved, with near-perfect grammar and spelling.”

Despite their near-perfect appearance, which may contain contextually relevant information for recipients, AI-generated phishing emails are still about convincing the user to act quickly and provide data.

The report mentions that scammers are recycling old ruses and reusing email templates, with some e-mail-based scams the same recycled swindles she said Bitdefender sees almost every Valentine’s Day.

Bizga said enhancing email security and protecting against phishing attempts during significant scam seasons requires a multi-layered approach.

“Awareness is the first defense against phishing,” she explained. “Recognize the signs of phishing or emails, such as generic greetings, too-good-to-be-true offers, unsolicited links or attachments and requests to provide sensitive info or money.”

She said the best way to protect your wallet and personal information is to avoid interacting with any unsolicited emails that contain such offers.

“Other red flags include cash giveaways and freebies that are usually linked with surveys and ask for your personal info and credit card details,” Bizga cautioned.

Joseph Carson, chief security scientist and advisory CISO at Delinea, said romance scams are popular because they frequently target unsuspecting victims by gradually earning their trust before taking advantage of them.

“They tend to take a longer time from criminals as they need to build and earn the victim’s trust first before tricking them into sending money or unknowingly infecting their system with malicious software,” he said.

He points out that a major increase in romance scams is not for a financial reward but to gain unauthorized access to the victim’s employers’ systems and data.

“These types of social engineering techniques are typically more targeted at high-level employees with a goal to get them to leak data or click on a malicious payload that would infect their company devices,” Carson explained.

Mayuresh Dani, manager of security research at Qualys Threat Research Unit, said the latest lures he has seen are where these Valentine’s-themed scam emails will use QR codes.

These emails ask users to scan the QR code for a message from a loved one, a free holiday together, or something similar.

“Users can protect themselves by inspecting the URL scanned from a QR code before opening,” he explained. “They should also make sure that the scanned URL is not spoofed or look for other signs such as typosquatting.”

He also suggested avoiding scanning a QR code in an email or text message the user wasn’t expecting, keeping smartphone OS/apps updated, and protecting online accounts with strong passwords and multifactor authentication.

Image source: Photo by Debby Hudson on Unsplash