Ah, Valentine’s day. That special day when we open our hearts (and our wallets) to show our loved ones how much they mean to us. The National Retail Federation estimates that U.S. residents alone will spend nearly $20 Billion on Valentine’s Day gifts, with nearly 30% of shoppers making at least one online purchase (1). As you can imagine, this holiday presents a sweet opportunity for cyber scammers who want to get in on the action. By using a technique commonly referred to as “social engineering”, cyber criminals hope to sweet talk you out of your money this Valentine’s Day.
What is social engineering? In the context of cyber security, social engineering is often defined as the psychological manipulation of people to make them perform acts or divulge secret information. Often, cyber criminals use emotional appeals to trick computer users into opening an email attachment or clicking a link. The theory is that, even computer users who know better will open an email from someone professing their “Love”. The world famous (or infamous) “ILOVEYOU” virus of the early 2000’s is a great example of this approach…millions of people opened an email attachment titled “LOVE-LETTER-FOR-YOU” which turned out to be a nasty virus. Ah, the things we do for love….
As disruptive as the ILOVEYOU virus was, modern day social engineering threats are more sophisticated and can be far more damaging to business and individuals. Valentine’s Day presents a unique opportunity for criminal scammers to utilize social engineering techniques; from the basic Phishing email asking you to click on a “special” Valentine’s Day card (and by special, I mean “malware infested”), to con-artists using dating websites and social media to manipulate those who are looking for love in all the wrong places. These attacks often result in stolen information such as bank account or credit card numbers and can be financially devastating to the victim. According to the FBI’s annual Internet Crime Report, nearly 280,000 complaints of cyber-crime were reported for the year 2016, with victim losses totaling S1.33 Billion. And these are just the reported incidents.
How can I be safe? Should I swear off love forever?
Fear not. While the threats are as thorny as a rose and as varied as a box of chocolates (see what I did there?), there are things you can do to avoid being a victim of a cyber scam. While it is critical to have great tools such as Anti-Virus and Anti-Spam to help block threats from entering your network, the most important defense against any type of cyber-threat is end-user knowledge. By some estimations, nearly 90% of cyber-attacks are a result of human error (2). Put another way, nearly 90% of cyber-attacks can be prevented with end user education. Many organizations are utilizing cyber threat education services, such as that provided by 4QuartersIT, as part of their ongoing employee training. Our cyber threat education service teaches end users how to identify and avoid different types of threats, provides periodic testing of employee awareness, and provides annual security risk reports which can be used to develop organizational security policies.
As long as humans with our human emotions operate computers, cyber-criminals will use social engineering to manipulate and deceive. Being aware of the types of tricks these scammers use around Valentine’s day (and the other 364 days of the year), and staying one step ahead of them is the best way to avoid ending up with a broken heart and an empty bank account.