With inflation at a high this Valentine’s Day, clicking on an ad for 80% off roses and chocolates sure sounds phishy!
Since Jane 2022, cybercriminals have already been registering new domains to prepare to attack people on 14 Feb.
In fact, according to Check Point Research (CPR), the registration of new suspicious and malicious domains this year has jumped by 152%.
In one example of a phishing scam, an established brand in the US, The Millions Roses was used as bait in a phishing email sent from a spoofed address.
The email listed a company address that was different from the legitimate brand and brought visitors to a fake website (picture) to have their hearts and wallets broken.
Avoiding broken hearts and wallets
Increasingly, social engineering is being used to in combination with phishing and malware, code injection, and network attacks. This Valentine’s Day will be no different. CPR reminds readers to stay vigilant amid the celebrations and jubilations and:
- be suspicious of password reset emails: If you receive an unsolicited ‘password reset’ email, always visit the website directly (do not click on embedded links) and change your password to something different on that site (and any other sites with the same password)
- never EVER share your log-in credentials: Many people reuse the same usernames and passwords across many different accounts, so attacks lust after credentials for just one single account because that can likely provide access to a number of the user’s online accounts.
- beware of too-good-to-be-true offers: An 80% discount on a new luxury phone or an item of jewelry is usually not a reliable or trustworthy purchase opportunity
- always verify you are ordering online from an authentic source: Do NOT click on promotional links in emails: instead use a good search engine to find your desired retailer and click the link from the results page
As always, basic cyber hygiene practices advocated regularly in CybersecAsia.net apply EVERYDAY, EVERY MINUTE, and not just on special occasions.