This coming Friday is St Valentine’s Day and cybercriminals all over the world are rubbing their hands together with glee at the harvest they intend to reap. Developments in artificial intelligence and the widespread availability of off-the-shelf cybercrime software have enabled a new generation of cyber-scams specifically designed around St Valentine’s Day.
In the recent past, cybercriminals typically used February 14th as an excuse to introduce themselves to lonely people with a view to patiently winning their victims’ trust in the short-term and cruelly robbing them of their savings in the longer term.
But improved technology has speeded up the process 100-fold, while also putting even the best-defended companies at significant risk from cybercriminals. With fewer people bothering to purchase physical greeting cards delivered by the postal services, nicknamed “snail mail”, the last couple of years have seen the growth of digital greeting cards sent as email or WhatsApp attachments.
St Valentine’s Day was originally introduced by the Catholic church to replace the pagan Roman festival of Lupercalia, which celebrated the coming of spring with a ritual in which men and women were paired off by choosing names from a jar. This element of anonymity has survived in the tradition of sending Valentine’s cards or gifts without revealing the sender’s identity.
Weaponized digital St Valentine’s Day cards
This has enabled cybercriminals to send weaponized digital Valentine’s Day cards to prospective victims in the knowledge that they will generally click on them out of curiosity. The digital cards appear to be genuine but actually contain invisible malware capable of enabling even relatively unskilled cybercriminals to strip their victims bank accounts and compromise them in numerous other ways.
By sending the weaponized cards to selected key members of staff via their work email, cybercriminal gangs can also use the weaponized cards to crack corporate defenses. The targeted employee clicks on a digital Valentine’s and smiles at the flattering message, unaware that they have just handed over the keys to the corporate kingdom to cybercriminals.
Variations of the scam can also include bogus offers of astonishingly low-cost flower deliveries or romantic weekends away. Again, once the hapless victim clicks on the too-good-to-be-true offer, invisible malware is injected into their digital device.
Fraudsters now are increasingly taking advantage of generative artificial intelligence (AI) and deepfake technologies to support the generation of text, images, and other content based on publicly available data on social networks and corporate websites. In the run-up to this Friday, St Valentine’s Day, companies should make their staff particularly aware of the risk of opening any images or attachments that come from an unverified or suspicious source.