Are you in the mood for love, but forgotten what love is?
Valentine’s Day is a day when people of all ages express their “love” towards people very close to them. Elementary schools are engaging in Valentine’s day activities, and some of us even go to the lengths of wearing as much red as possible. The feeling of love, need, and affection is a wonderful emotion to have, but those of us who may not have that special someone may fall victim to a not-so-special someone.
CNBC reports that Valentine’s Day and the days leading up to the holiday are ripe for online scams. The type of scams that run rapid are what some people may know as “Catfishing”. This is when you develop an online relationship with someone who is pretending to be another person, or duping you into believing something that is not true. Like money troubles.
These types of scams are difficult to identify because many virtual or semi-virtual (face-to-face only 1 or 2 times) relationships revolve around trust. The person being scammed may not even know they are being scammed. For instance: A person met someone online. Met this person at a coffee shop or bar 1 or 2 times. Gives a story about how they moved out of the area, but really had a great time and want to keep in touch. They continue a virtual relationship with several emotional, but non-sexual exchanges remotely. Then, they start the probing to determine if you will start paying their bills by elaborating on personal troubles and exaggerating hardships to encourage financial support, as well as the dozen flowers you sent on Valentines’s day!
Fake websites selling Valentine’s day gifts are also popular right now. These sites may be on the top of search engines, or a banner on reputable site. They redirect you to another site for you to enter your credit card information. Webroot found a 220% increase in malicious URL’s before Valentine’s day last year.
Romance fraud exceed $230 million in 2016, and represents most financial losses of all internet crimes. This was reported by the FBI.
As cyber security professionals, sometime we don’t think about “catfishing” as a potential problem. Is it in our scope of work to identify if the CFO just got divorced and is using a dating website that may be filled with these scammers? If we were to use FIPS 199 on our employee assets, and conducted a risk assessment on our human resources, would the CFO be a “HIGH” and would the risk assessment include his divorce and/or dating website involvement? These are rhetorical questions, but the point is that we should be conscious of the largest internet scam in 2016.