Scam artists and cybercriminals are looking to turn romance into profit now that Valentine's Day approaches, possibly taking over your computer in the process. According to ESET researchers in Latin America, we can expect the quest for love to be leveraged as an effective social engineering ploy to enable the bad guys to infect unsuspecting users with malicious code.
Malware authors, always eager to exploit their victims' susceptibility and curiosity, see great potential for “romantic” hyperlinks that lead, allegedly, to greetings cards, poems, songs or videos. On the right you can see an early example of such a "card of love" received in the run-up to Valentine’s Day, 2012, analyzed by our research team in Latin America:
Apart from the disappointment that the victim might experience when he realizes that the secret admirer is no such thing, there’s also the significant issue of the risk to all his sensitive financial information.
As you can see from the picture on the right, the victim receives an email “greetings card” that purports to be a declaration of love which appeals directly to the reader’s romantic spirit, trying to make him believe that he is someone’s One and Only. Then, to encourage him to download malware, the letter ends with three ellipses and the link inviting him to read the “full message”, which in reality leads to malicious content.
If you were to follow this link it would try to download a malicious program that is detected heuristically by ESET products as a variant of Win32/Injector.HVG Trojan. (According to the information gathered by our Latin America researchers, the threat in question was downloaded approximately 430 times between January 20 and 24).
If there is no antivirus software running on the victim's computer and this Trojan file is downloaded and executed, then Injector.HVG proceeds to modify the victim’s hosts file in order to divert him from certain Chilean banking sites to pages that look similar to the original, but are actually phishing sites created by cybercriminals with the sole purpose of tricking the victim into disclosing his bank details.
As February 14 approaches we are likely to see more malware using love and roses to reel in more victims. This time last year, ESET Latin America put together a blog post with more examples of Valentine scams, so that readers would be better prepared when surfing the Internet. What follows is a summary of their advice.
Social networks are a major vector for attacks using social engineering. We hate to pour water on romantic inclinations, but all posts in social media relating to the Valentine theme, especially eye-catching messages about special offers and exclusive gifts should be regarded with suspicion, in order to avoid infection and forestall potential threats.
While this example is from Twitter, various kinds of scams exploiting gift cards and other special offers are also seen frequently on Facebook.
In particular, be wary of messages that direct you to web pages using shortened hyperlinks, such as this one from bit.ly. While bit.ly is a very reputable service, it can be abused by the bad guys, looking for a way to mask the final destination of a link. In fact, these types of links have become a fundamental component of the attacker’s toolkit. If you feel you really need to check out where a bit.ly link goes without clicking it, enter a plus sign on the end of the link in the browser URL field (like this: http://bitly.com/w5LAnh+) and you will get a page at bitly.com that shows you the final address.
After social networks, search engines are the primary means used by the attackers to lure users to malicious sites. This is done using BlackHat SEO (Search Engine Optimization) techniques, intended to ensure that malicious websites come at or near the top in Google and other searches on keywords related to Valentine's Day. We have a short video that explains this type of search engine poisoning. Sometimes poisoned SEO results lead to sites that simply waste your time with survey scams while executing click-jacking to defraud advertisers. Remember, nobody is going to give you a $1,000 gift card for your opinion about Pepsi v. Coke or how often you use the Internet.
If there is a cybernetic gift preferred by lovers, it is the Valentine's Day greetings card. Cybercriminals are well aware of this, which is why they circulate fake cards and fake weblinks purporting to point to such cards: in fact, they’re pointing to malicious code.
Malware isn’t the only type of threat to keep in mind. For reasons related to Valentine's Day, there are many applications associated with social networks (especially Facebook) that take advantage of their victims’ romantic susceptibilities to trick them into giving them access to far too much information.
As with any applications, either on Facebook or on your smartphone, be careful and check what permissions new applications are demanding before accepting!
5. “Russian Bride”
Of course, Valentine's day is not just for couples. For many single people, this is a date on which they too are more susceptible to romantic feelings and advances. So it’s not surprising that we also tend to see greater volumes of emails trying to deceive them:
While these examples, all including Russian web-links, indicate a particularly frank sexual content, we often see emails where the content is less physical and more romantic. These scams are purportedly made on behalf of beautiful women in search of love: however, it’s your money they love rather than you.
ESET Latin America
André Goujon and Sebastian Bortnik
David Harley and Stephen Cobb
Author Stephen Cobb, We Live Security