If you are a small business in retail, health care IT, or any industry for that matter, it is time to wake up and smell the roses.

While most of the world enjoys the season of love, the people running the dark web are getting cozy with new strategies to take over your systems, data, and privacy. Valentine's Day is a huge attraction for cybercriminals and hackers, who love nothing more than to hack into your systems and steal your data.

Just like we take the time to research the best gifts for our loved ones, hackers conduct extensive research on their victims. Whether it is a rosy phishing email urging you to purchase the perfect gift at an amazing discount, or a malvertisement that directs you to a spoofed website for a free gift, hackers know just how to trick you into becoming a victim.

Businesses and individuals susceptible to an attack

According to Security Today, small and medium-sized businesses (SMBs), retailers, and restaurants are the industries most affected by cyberattacks during the Valentine's Day holiday.

An employee at any type of organization, an SMB for example, might click on a malicious advertisement, or a component of a phishing scam, and compromise the organization's sensitive data. Clicking on what looks like a customized online greeting card could lead to malware being installed on an employee's computer that ultimately serves as the backdoor for a hacker to exploit the entire network.

The retail industry might face indirect repercussions due to spoofing. Hackers could send malicious ads, claiming to be a retailer, and this could affect the retailer who utilizes actual advertisements and sends real emails about their discounted products or sales during Valentine's Day.

Restaurants, e-commerce businesses, and food delivery companies are susceptible to an attack during this time as well, due to malware afflicting POS transactions and systems, and vulnerabilities in payment gateways. Cybercriminals could remotely infiltrate the POS transactions, and steal payment card information and consumer data.

Not just businesses, but individuals are likely targets too. With COVID-19 leading to many businesses adopting a hybrid model or fully shifting to remote work, employees might not be working in a secure network with protocols implemented by the organization and might resort to shadow IT practices. What they're doing in their personal lives might impact the cybersecurity of the organization's data. For example, an employee might use an unmanaged device for official purposes on a public network, let's say at a coffee shop. This paves the way for strangers to potentially access confidential corporate data.

The advent of online dating has also led to several scams, resulting in huge financial and romance-related harm.

Action Fraud, the United Kingdom's reporting center for fraud and cybercrime, reports that over 92 million euros were lost during 2021 due to dating scams. The agency also observed that daters were most susceptible to romance fraud during the months after Valentine's Day. The National Fraud Intelligence Bureau (NFIB), a police unit in the United Kingdom, reported that criminals took their time to build a relationship with the victims and then, in the following months, began to ask for financial favors, citing emotive reasons. The NFIB reported a spike of 901 reports of dating scams resulting in losses of 8.7 million euros in March 2021 and a staggering loss of 14.6 million euros in May 2021, three months after Valentine's Day.

Hackers love Valentine's Day

Every year, Valentine's Day sees a surge in malicious actors hoping to gain access to sensitive information and confidential enterprise and consumer data. While phishing attacks are the most common go-to for cybercriminals, ransomware is an increasingly popular choice stemming from the rise of Ransomware as a Service (RaaS) organizations in the cyber world.

A good example is the GandCrab RaaS attack in 2019 that persisted for 12 months. On Valentine's Day 2019, the threat actors behind the GandCrab ransomware used it to target their victims. They had been experimenting with the malware for over six months and over different holiday seasons.

The GandCrab attack was designed so that it only attempted to target non-Russian victims; if the victims had a Russian-configured keyboard, the execution of the infection was terminated. The hackers gained access to the victims' files through fake websites or customer surveys promising victims great deals and fake vouchers on popular gift items.

Once the hackers gained access, they encrypted the files and replaced their file extensions with randomly generated ones. Each of the files now contained a ransom note that would pop up once the victim clicked on it. The note would have a URL containing a unique token that was used to identify the victim. The note also contained instructions on how to pay the ransom through cryptocurrency, with the extortion amount varying according to the perceived value of the data.

A more recent example is the BazaLoader attack delivered through a phishing email claiming to be from a flower store called Rose World. BazaLoader is malware that, once downloaded, can facilitate other attacks like ransomware.

Last year during Valentine's week, several users were greeted with a phishing email from Rose World, a (fake) flower store, about a purchase they had supposedly made there. The email contained an invoice and an order number they had to check in the Contact Us webpage on the fake website for the store. This would lead them to a landing page that instructed them how to open an Excel sheet which contained their "purchase" details. This Excel sheet included macros, and once these were enabled, BazaLoader would be downloaded into the victim's computer.

Once downloaded, BazaLoader initially remains inactive, but then connects from the host computer to its command and control server. It opens a backdoor and installs Cobalt Strike, which is legitimate information security software that cybercriminals can nevertheless use to work their way through the network, deploy malware, and steal confidential information.
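As an added example (not part of the original article), here is one way a mail gateway or help desk could triage spreadsheet attachments like the Rose World "invoice" before anyone opens them, by checking whether the file carries macros at all. The function names, verdict labels, and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc compound file

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-ole' or 'not-office' for raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Binary .xls: macros cannot be ruled out without an OLE parser,
        # so treat it as needing further analysis.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a plain ZIP, not an OOXML document
    for name in names:
        # VBA projects are stored as a vbaProject.bin part; Excel 4.0 (XLM)
        # macro sheets live under xl/macrosheets/.
        if name.endswith("vbaproject.bin") or name.startswith("xl/macrosheets/"):
            return "macro"
    return "no-macro"

def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory OOXML-style ZIP from {part name: bytes}."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return out.getvalue()

# Constructed samples: placeholder part bodies, no real macro code.
PLAIN = build_sample({"[Content_Types].xml": b"<Types/>",
                      "xl/workbook.xml": b"<workbook/>"})
LURE = build_sample({"[Content_Types].xml": b"<Types/>",
                     "xl/workbook.xml": b"<workbook/>",
                     "xl/vbaProject.bin": b"placeholder"})

if __name__ == "__main__":
    for label, blob in [("plain.xlsx", PLAIN), ("invoice.xlsm", LURE),
                        ("old.xls", OLE_MAGIC + b"\x00" * 16)]:
        print(label, "->", classify_attachment(blob))
```

A "macro" or "legacy-ole" verdict is a reason to quarantine or sandbox the attachment, not proof that it is malicious.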

Warning signs and precautionary measures

Due to the increasing number of attacks, an FBI field office recently issued a public warning about bad actors using romance scams to make a quick buck around the Valentine's Day holiday. According to the FBI press release, after assessing all the complaints received by the FBI's Internet Crime Complaint Center (IC3), the amount of money victims lost to romance scams totaled more than $281 million.

The press release provides a list of warning signs for detecting scams and mentions some precautionary measures you can take to avoid becoming a victim. These include:

Being alert to attempts to pressure you to provide financial assistance, perhaps by encouraging you to connect outside the dating website through email or instant messaging, trying to obtain your personal or financial information, and claiming to have an extensive knowledge of cryptocurrency investments that will help you make profits.

With cyber fraud, phishing scams, and malware becoming common vocabulary on occasions like Valentine's Day, it is important to exercise caution and take measures to ensure your organization and its employees are protected from malicious threat actors.

Apart from educating employees to remain vigilant and refrain from sharing PII or payment card data, it is vital that organizations continuously monitor and review their server access and firewall logs, to detect suspicious activity that might indicate a possible attack.

While many look out for a possible soulmate on Valentine's Day, let's not forget to keep an eye on our systems and data. There is a high chance that a cybercriminal has been eyeing these for a long time already.


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.