BLOG: Valentine’s Day Phishing Scams

Valentine’s day is universally known as the day when people show their affection for another person or people by sending cards and gifts with messages of love but criminals are targeting online daters in the lead up to Valentine’s Day, according to trade group UK Finance. This coincides with recent reports that show there has been an overall rise in online fraud as scammers and threat actors take advantage of people affected undesirably by the Covid-19 pandemic.

Our society inclines towards online shopping due to everyone being overly occupied with their jobs alongside the rising pandemic, there’s not a lot of time or ability to shop in person. The increase in online shopping has also resulted in an increase in phishing practices on the internet. It has become a prevalent issue within society ranging from the number of online scandals, including fake websites, and stealing money from accounts. These occurrences suddenly surge during holidays or festivals. Valentine’s Day has led to a rise in scams too Pandora, one of the largest jewellery brand, became a victim of this malicious practice recently, according to a report by CheckPoint.

Renowned jewellery brand Pandora became a target of an online phishing scam when people were sent emails by a fake website trying to copy the jewellery brand. The fake website showed Pandora products at an excessively low rate during Valentine’s week.

The fake jewellery website targeted people by showing unreasonably cheap products and marking them as Valentine’s discount. The report spoke about an emailer sent to various email ids/probable customers trying to buy special presents for their loved ones. Initially the emailer looked genuine, but intricate elements made it clear that is was apart of a phishing attempt. The first one being the address of Pandora, which was written in lower case and it was unusual for the original Pandora website and emailers.

The year on the emailer was not updated to 2021 and still showed 2020, this proved that the email was fake, however, there were other giveaways too, like the bogus email address from which the mails were sent was not related to Pandora. On top of that, clicking on any of the links, directed the customers to a fake page that had a relatively different URL but the website looked easily comparable to the original Pandora.

Emails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are also spreading the BazaLoader malware. Numerous individuals have received “recent order” email confirmations for flowers or lingerie. These emails are part of a spear-phishing attack, which ultimately leads recipients to a malicious text that executes the BazaLoader malware.

The BazaLoader downloader is written in C++ and has the key function of downloading and implementing additional modules. The spear-phishing campaigns were distributed across a diverse set of companies and sectors. Researchers said that if the user visits the website, goes to Contact Us, and enters the order number in the order ID, the site will redirect the user to a landing page, the landing page links to and explains how to open the Excel sheet. The Excel sheet contains macros that will download BazaLoader if enabled.

It is vital that we stay vigilant in order to avoid any risk of falling victim to the surfacing phishing attacks. To read our spearphishing blog, click here