Spam levels always rise when a holiday or special event approaches. Symantec researchers are observing a surge of spam as Valentine’s Day gets closer and closer. Unbelievable discounts on jewelry, dinners, and expensive gift articles are the key themes for the Valentine’s Day related spam. Further popular fake promotions include: online pharmaceuticals, fake e-cards, gift cards, chocolates, and flowers. The purpose of these fake promotions is to capture a user’s personal and financial details.
Valentine’s Day related spam can easily be spotted by observing the “From” header as shown below:
- From: "Valentine's Berries" <info@
- From: "Valentine's Bouquets" <info@
- From: "Valentine's Gifts" <info@
- From: "Valentine's Presents" <info@
- From: "Valentine's Decor" <info@
- From: "Valentines Day Gifts" <info@
- From: "Valentines Day Sweets" <info@
Subject lines used in Valentine’s Day-related spam may include the following:
- Subject: Impossibly delicious berries from $19.99 - the PERFECT gift for Valentines Day!
- Subject: [BRAND NAME REMOVED] Valentine's Day sweepstakes- hkamela@
- Subject: Order Now! Valentine's Day Flowers and Gifts from $19.99!
- Subject: Seduce your Valentine with our most loving gifts
- Subject: Valentine's Day Special Discount Offer - Flowers, Plants & Gifts
- Subject: Buy 2 bottles, get one FREE - Wear that little black dress by Valentine's Day with [BRAND NAME REMOVED]
- Subject: Be Different! Give yourself a Gift for Valentine's Day -- Get Thin with [BRAND NAME REMOVED]
- Subject: BOGO for 2 free bottles - Wear that little black dress by Valentine's Day with [BRAND NAME REMOVED]
- Subject: Got Fat? Get Thin. Lose 30 pounds before Valentine's Day!
In one spam sample, the spammers invite users to purchase some silver, gold, and platinum jewelry. Users are informed that they will receive additional free incentive gifts with said purchase. By clicking on the link, the user is redirected to a page asking for the user’s personal information in order to receive the gift that they have selected.
Social network spam is not far behind other information-stealing techniques when it comes to capturing a user’s personal data. There are many fake applications targeting Valentine’s Day that direct the user to a survey site. Below is an example of one such fake application.
In 2011, we observed other prominent attacks targeting Valentine’s Day such as phishing and e-card downloading malware. We expect these attacks to also reveal their presence this year too. We recommend that our readers follow the general security practice guidelines before placing any online transaction as spammers would only be too happy to gorge on a cupid-stricken heart.
Be aware of the general security practice guidelines:
- Do not open unsolicited emails from unknown sources.
- Do not click on any links included in email messages. Instead, type the link in the address bar.
- Do not open attached files that claim to be Valentine’s greeting cards, e-cards, etc.
- Buy products from authentic websites that are protected by SSL certificates.
- Install effective antivirus and antispam solution software.