Lonely-hearts are criminals’ biggest target on Valentine’s Day
by Sibahle MalingaSecurity firms are warning of two prominent online scams this Valentine’s Day –romance fraud and online shopping scams.
As people around the world find the best way to celebrate Valentine’s Day, cyber criminals also seem to be caught up in the “spirit of love”, by targeting consumers through online shopping sites and also by attempting to “build relationships” on dating apps.
According to American consumer watchdog Federal Trade Commission, romance scams rank number one for total reported losses. Its Consumer Sentinel Network received more than 21 000 reports of romance scams in 2018, with people reporting a total loss of $143 million.
Popular dating apps used worldwide, such as Tinder, Bumble or Zoosk, often become bait used to spread mobile malware, or retrieve personal data to later bombard the users with unwanted ads, or even to coerce them into spending their money on expensive paid subscriptions.
These criminal attempts have nothing to do with legitimate apps, as the related files only use a name and sometimes copy the design of authentic dating services.
Security firm Kaspersky says 2019 saw a circulation of 1 486 threats under the guise of over 20 popular dating applications in Africa, with 7 734 attacks on 2 548 users detected.
The countries attacked most often were SA, accounting for 58% of all attacks in the region, followed by Kenya (10%) and Nigeria (4%).
“Love is one of those topics that interests people universally, and, of course, that means cyber criminals are also there,” comments Vladimir Kuskov, head of advanced threat research and software classification at Kaspersky.
“Online dating has made our lives easier and yet uncovered new risks on the path to love. We advise users to stay attentive and use legal versions of applications that are available in official application stores.”
Notably, cyber criminals would most often choose Tinder to cover their malicious files: this app’s name was used in nearly a third of all cases, with 493 files detected in Africa.
The danger these malicious files bring varies, ranging from Trojans that can download other malware, to ones that send an expensive SMS, to adware.
Anna Collard, MD of security firm KnowBe4 Africa, says while many people have found their current spouse online, unfortunately, dating apps don’t only attract lonely hearts, but scammers too.
“In 2019, more people reported losing money to romance scams than to any other fraud. It’s not only women who fall victim – 60% of victims are female. They are there to steal people’s money or manipulate them into doing things they wouldn’t normally do.
“The scammer sets up a fake identity, often multiple ones. They then proactively look for and contact their victims .Their preferred target age group is between 40 and 60 and seemingly lonely, shy or introverted, with job titles such as accountants, IT or analyst.”
The next step, called the cashing out stage, is where the scammer starts asking for small amounts of money, and there will always be an excuse as to why they can’t meet in real life yet, notesCollard.
“After having received small amounts of money, the scammers will come up with a big emergency sob story, or even a staged alteration in front of the camera, where they will then try to solicit a larger sum of money.“
Tell-tale signs to watch out for include: the scammer falls in love too fast, the e-mail address doesn’t match the scammer’s name,the online person is from a foreign country and isn’t keen to meet anytime soon, Collard cautions.
Online shoppers targeted
Experts also warn of scams designed to lure shoppers away from legitimate sites and draw them toward phishing shopping apps, or cloned Web sites, supposedly offering significantly lower Valentine’s Day discounts.
Cyber security firm Check Point Research says over the past two years, it has identified the use of the word “Valentine” within malicious Web sites during the month of February. In both 2018 and 2019, the increase was over 200% compared to the previous years.
“On this special day for lovers, we know that a number of people will turn to online shopping as they dash to get that last-minute gift or great deal for their loved ones,” saysPankaj Bhula, regional director of Africa at Checkpoint.
“Cyber criminals do not only stop at deceptive Web site names, they also make good usage of deceptive e-mail messages in order to lure users to phishing sites and even to spread malware. Last year, it was reported that an e-mail campaign was spreading GandCrab Ransomware around Valentine’s Day, with e-mail subjects such as ‘This is my love letter to you’, while this year we already see some examples of such Valentines themes, which might be part of a wider campaign that will be spread later in the month.”
To avoid falling victim, Bhula recommends online shoppers verify they are ordering from an authentic source, by googling their desired retailer and clicking the link from the Google results page.
“Also beware of ‘special’ offers. An 80% discount on the new iPad is usually not a reliable or trustworthy purchase opportunity. Be on the lookout for lookalike domains, spelling errors in e-mails or Web sites, and unfamiliar e-mail senders.”