Share your love, not your credentials

There has been a staggering 152% increase in new Valentine’s Day-related domains registered in January, compared to the month before.

This year, 6% of the new domains were found to be malicious and 55% were found to be suspicious. In the past month, one out of every 371 malicious e-mails was related to Valentine’s Day.

This was revealed by Check Point Research (CPR). The company found an example of a phishing scam focused on buyer fraud. The malicious phishing e-mail used “The Million Roses” branding to tempt victims into buying presents for Valentine’s Day.

A fraudulent e-mail, sent from a spoofed address, listed a company address that was different from the legitimate “The Million Roses” brand. This is a sure sign that the e-mail is from a dubious source, and the Web site is fake.

Anyone who clicked on the link in the e-mail would have been redirected to a fraudulent malicious link, which while currently inactive, attempted to mimic “The Million Roses” legitimate Web site.

“Phishing is the most common type of social engineering,” says CPR. “These attacks occur when bad actors send messages pretending to be a trusted person or entity. The messages manipulate users into performing actions like installing a malicious file, clicking on a malicious link, or divulging sensitive information such as login credentials.”

In addition, CPR says social engineering is an increasingly common threat vector used in almost all security incidents, and like phishing, are often combined with other threats, such as malware, code injection, and network attacks.

Phishing is also the main cause of ransomware, as these attacks are carefully crafted to exploit the human nature of finding a bargain, CPR says.

To avoid falling victim, CPR advises to to always treat e-mails that either threaten negative consequences, or demand immediate action with caution. Phishers hope that by invoking fear, or getting users to read the e-mail in a hurry, will make them scrutinise the content for inconsistencies less thoroughly.

Next, CPR says to keep an eye on the message style. An instant clue that something foul is afoot is when a message has inappropriate tone or wording. If a colleague sounds overly casual, or a close friend too formal, this should trigger suspicion.

Then there’s unusual requests, the company says. An e-mail requiring you to perform non-standard actions could be malicious. For example, it should raise a red flag if an e-mail claims to be from a specific IT team asking for software to be installed, when these activities are usually handled centrally by the IT department.

Spelling and grammar errors are another sign that something anomalous is going on.Most companies use spell check, so any typos should raise the alarm because the e-mail may not come from who it says.

Also, Web address inconsistencies, such as mismatched e-mail addresses, links, and domain names, are a sure sign something is wrong. It’s a good rule of thumb to always cross reference previous communication with the e-mail address.

CPR advises recipients to hover over a link in an e-mail before clicking it to confirm the actual link destination. If the e-mail is believed to be sent by The US Postal Service, but the domain of the e-mail address does not contain “usps.com”, it’s unlikely to be legitimate.

Finally, remember that no genuine company will ever request credentials, payment information or other personal details over e-mail. Ever.

CPR offers up a few more tips. Always be suspicious of password reset mails, because by sending a fake password reset e-mail that directs you to a lookalike phishing site, attackers can convince you to type in your account credentials and send those to them.

Under no circumstances share your credentials, as credential theft is the aim of most cyber attacks, and because people tend to reuse usernames and passwords across many different accounts, having them stolen gives criminals the keys to the kingdom.

Finally, remember the old adage, of when something seems too good to be true, it is. Any offer that seems wildly cheap, is likely a ruse, such as an iPhone for a couple of hundred rands, and suchlike. “Always verify you are ordering online from an authentic source. Never click on promotional links in e-mails, instead Google your desired retailer and click the link from the Google results page.”