Security researchers warn against cyber scams on Valentine's Day
While 14 February is celebrated as Valentine’s Day globally, and is a time for celebration with loved ones, the occasions also seems to be an opportunity for cybercriminals who insist on participating actively and spoil all the fun. Of the recent scams that can be an eye-opener for all, cybersecurity firm Sophos on Tuesday warned users two fake crypto romance apps — Ace Pro and MBM_BitScan — that successfully bypassed Apple’s security protocols.
MBM_BitScan is also an app for Android, but it is known as BitScan on Google Play. Sophos said that it has notified both Apple and Google about fraudulent apps on their platforms and both have removed the fraudulent apps from their respective stores.
In a scam detected by Sophos, the scammers created and actively maintained a fake Facebook profile of a woman depicted as living a lavish lifestyle in London. The scammers used this to build a rapport with the victim before suggesting that they download the fraudulent Ace pro app, it said.
Sophos researchers believe that the app got around App Store security by connecting to a remote website when it was originally submitted for review. This domain included code for QR scanning to make it look legitimate to reviewers. But once the app was approved the scammers redirected the app to an Asian-registered domain. That domain then sends a request to get content from another host, which ultimately contains the fake trading interface.
Checkpoint researchers have also warned users against cyber crooks on the occasion of Valentine’s Day. In its 2023 Cyber Security report released on Monday, it noted since the beginning of February, approximately 1 in every 1,000 emails relating to Valentine’s Day was found to be malicious or suspicious.
Researchers found that in January, a total of 12,441 new domains were registered containing the terms “Love” or “Valentine” in their name. This is a 54% increase compared to the average in the previous three months, significantly higher than the overall increase in new domains in this period, which stood at 36%.
The trend continued in February where in the first week alone, there were more than 2,900 such new domains that were registered. Check point researchers also noted that with the rise of new artificial intelligence (AI) tools like ChatGPT, AI is emerging as a useful and widespread tool to leverage to trick people into giving away sensitive information or visiting malicious websites.
To stay out of such scams, Check point researchers said that if there is a suspicious link, attachment, or request for a reply, users should not click, open, or send it. Also after reporting, users should delete the suspicious email from their Inbox, they said.
A separate study by cyber security firm Norton released last week, in partnership with The Harris Poll and involved 1,000 Indian adults further revealed that online dating and romance scam victims reported a loss of ₹7,966 on an average in India and two-thirds of Indian adults (66%) have fallen victim to an online dating/romance scam in the last six months.
The survey findings reveal that 79% of Indian adults who have used a dating website/app claimed to take some kind of action after matching with a potential partner online, with 49% looking up their social media profile, 32% looking up their profile on a professional networking site, 27% looking up their friends or family on social media, 26% typing their name into a search engine, and 22% paying to run a background check on them.