San Valentino non è sempre pieno di amore. A gennaio sono stati registrati 12.441 nuovi domini contenenti i termini “Love” o “Valentine” nel loro nome. Si tratta di un aumento del 54% rispetto alla media dei tre mesi precedenti, nettamente superiore all’aumento complessivo dei nuovi domini in questo periodo, che si è attestato al 36%.
Nell’ultimo mese, le pagine web contenenti Love o Valentine (indipendentemente da quando sono state create), che sono state effettivamente visitate o ricevute come link, hanno avuto una probabilità doppia di essere trovate dannose rispetto alla media generale.
Il trend è proseguito a febbraio: solo nella prima settimana sono stati registrati oltre 2.900 nuovi domini di questo tipo. Di questi nuovi domini recenti, circa 1 su 10 è risultato potenzialmente pericoloso, in base al contenuto sospetto incluso o per via dell’URL leggermente diverso.
Le cose “gratis” possono, alcune volte, costare molto
All’inizio di febbraio Check Point Research (CPR), la divisione Threat Intelligence di Check Point Software, ha trovato una campagna e-mail dal nome “Il tuo regalo di San Valentino è arrivato!” inviata da più mittenti con indirizzi come info-tuB@untdstatdropromuniflamtionDZprQdIWz.com e con il nome del mittente “Ace Hardware Reward” o “Home Depot”.
Il contenuto dell’e-mail (sotto l’esempio) mostrava l’immagine di una carta regalo con un link a un sito web (wwwcjoint.com) registrato nel dicembre 2022. Attualmente il dominio è bloccato (non contiene alcun contenuto reale), ma potrebbe essere già stato utilizzato il giorno dell’invio delle e-mail, molto probabilmente per raccogliere informazioni sugli utenti o sui pagamenti.
(Di seguito una guida su come riconoscere le e-mail di phishing)
How to Recognize Phishing Emails
Phishers use a wide range of techniques to make their phishing emails look legitimate. These are some of the most commonly used techniques, which can be used to identify these malicious emails, some of which are commonly used in such festive scams including for Valentine’s Day.
For the Love of AI Phishing
With the rise of new AI tools like ChatGPT, AI is emerging as a useful and widespread tool to leverage to trick people into giving away sensitive information or visiting malicious websites.
One of these ways includes phishing scams where chatbots can be programmed to send messages that appear to be from a trustworthy source, such as a romantic interest or an online retailer offering special deals. The message might contain a link that leads to a fake domain website designed to steal personal information, such as login credentials or credit card numbers.
Basically, lookalike domains are designed to appear to be a legitimate or trusted domain to a casual glance. For example, instead of the email address boss@company.com, a phishing email may use ‘boss@cornpany.com’ or ‘boss@compаny.com’. The first email substitutes rn for m and the second uses the Cyrillic ‘ɑ’ instead of the Latin ‘a’. While these emails may look like the real thing, they belong to a completely different domain that may be under the attacker’s control.
Phishers may also use fake but plausible domains in their attacks. For example, an email claiming to be from Netflix may be from ‘help@netflix-support.com’ to highlight new romantic programs added during this season. While this email address may seem legitimate, it isn’t necessarily owned by or associated with Netflix.
Love Scams: Chatbots can be used to impersonate potential romantic partners, leading people to believe they are in an online relationship. The chatbot might ask for money or sensitive information, such as a social security number or home address, under false pretenses.
Greeting Card Scams: Chatbots can be programmed to send automated messages that appear to be from friends or family members, offering Valentine’s Day greetings or virtual cards. The message might contain a malicious link that installs malware or infects the recipient’s device.
Loving all things new – Unusual Attachments
A common goal of phishing emails is to trick the recipient into downloading and running attached malware on their computer. For this to work, the email needs to carry a file that can run executable code.
As a result, phishing emails may have unusual or suspicious attachments. For example, a supposed invoice for purchased flowers to send to your lady/male love may be a ZIP file or an attached Microsoft Office document may require macros to be enabled to view content. If this is the case, it is probable that the email and its attachments are malicious.
The Language of ‘Love’ – Incorrect Grammar or Tone
Often, phishing emails are not written by people fluent in the language. This means that these emails can contain grammatical errors or otherwise sound wrong. Real emails from a legitimate organization are unlikely to have these mistakes, so they should be a warning sign of a potential phishing attack. However, with the emergence of new AI tools such as ChatGPT, cybercriminals are using such tools to instead craft such malicious emails in near perfect language, which makes being aware and vigilant all the more essential.
Another tell-tale sign to look out for are emails with the wrong tone or voice. Companies, colleagues, etc. talk and write in a certain way. If an email sounds too formal or too informal, stilted, or otherwise odd given its sender, then it might be a phishing email.
Suspicious Requests
Phishing emails are designed to steal money, credentials, or other sensitive information. If an email makes a request or a demand that seems unusual or suspicious, then this might be evidence that it is part of a phishing attack.
