With Valentine's Day falling this Sunday there have been multiple warnings about malware and scams relating to the celebration.
McAfee has warned of suspicious cards, a common Valentines and holiday trick, with malware-ridden Valentine e-cards containing love notes such as ‘deeply in love with you' and ‘only you in my heart'. The user is enticed to click on a link to malware disguised as cute red hearts. If clicked on, nasty malware is unleashed on the user's computer.
Similar malware campaigns were also spotted by PandaLabs, that also detected the romantic greetings cards. It found that cyber criminals were exploiting channels such as Facebook or Twitter, which involves obtaining confidential information from users by convincing them to take a series of actions.
Luis Corrons, technical director of PandaLabs, said: “The continued use of social engineering by cyber crooks is a good indication of the infection ratios that this technique for tricking users returns. Otherwise, they would simply have stopped using it.”
In a similar vein, PC Tools has warned of the new ‘Flirt Bot' attack, which is targeting computer users specifically through their instant messenger accounts. These work by striking up a conversation in a chat room and enticing users into visiting infected websites or for ID theft and financial fraud.
Richard Clooke, UK spokesperson for PC Tools, said: “This is the first Flirt Bot we've seen since the ‘Cyberlover' in 2007. However, it seems that the intelligence behind these types of attacks has moved on significantly in this time. The software is now smart enough to tailor its responses to your answers and will be harder for even the more digitally active user to identify and therefore avoid.”
He added: “This specific bot is exploiting the MSN chat forums, but generally it could be targeting any type of chat forum in order to make contact. We believe Flirt Bot is taking particular advantage of the seasonal interaction of people in chat rooms in the run up to Valentine's Day.”
The event does not just affect users, but also businesses, according to Network Box, that claimed that the day should mean businesses prepare for an increase in the number of spam and cyber attacks. As Christmas 2009 saw a dramatic rise in the level of phishing attacks with 57 per cent of all malware related to it, a similar peak is expected to be reached over the Valentine's Day period.
Simon Heron, internet security analyst at Network Box, said: “Phishers are always looking for ways to catch people off guard and Valentine's Day presents the perfect opportunity. Valentine's Day is all about accepting messages from unknown admirers, which is extremely dangerous in security terms.
“We advise businesses to ensure that their systems are fully updated and patched, and that employees are made aware of the increased risk. Many people will think they can spot a fraudulent Valentine's Day spam email, but will they be as aware of the risk when communicating over social networks and adding Valentine's Day apps to their profiles?”
With regard to profiles, there are those who are not with a partner on Valentine's Day, and this poses problems too. BitDefender said that those looking for love on dating websites could fall foul of sites that do not offer explicit privacy policies, or respond via spam emails.
UK managing director Nick Billington said: “While there are many respectable and reliable e-dating services, online daters should be extremely careful when choosing the best service to meet their needs.
“Even the most trivial information — like your mother's maiden name or first pet's name — can be exploited by cyber criminals. Many of these details may seem unimportant, but they can serve as password recovery hints for email addresses or online banking accounts. Moreover, online daters must be careful never to share financial data, such as bank accounts, credit card numbers or PINs.”