Love letters from Necurs botnet and other Valentine’s Day scams

by Alice Woods - - 2018-02-13

Scammers are not looking for love; they are looking for your personal information and money

We all know that there’s nothin saint for cybercriminals. Thus, Valentine’s Day is not an exception. Each holiday season inspires crooks to take advantage of naive or inattentive computer users. In January, criminals are targeting people who are looking for love or want to surprise their significant others with special gifts.

According to FBI,^[1] in 2016, financial loses from the romance scams reached $230 million. However, the number might be higher because not all victims reported about the accident. This love season security specialists warn about these Valentine’s Day scams to watch out in 2018:

an increase of bots and scammers in dating websites or Tinder that are willing to establish a strong connection to swindle the money for love-seeking people;
receiving a letter from a dating website or a person who is interested in meeting you;
delivery of fake Valentine’s day gift cards, shopping offers or discount coupons that might hide malicious components or redirect to scam website;
malicious URLs, fake content or suspicious ads on e-card websites;
receiving a fake receipt, invoice or parcel delivery failure email that asks to confirm credit card details or other sensitive information.

Security experts recommend not to rush to fall in love with a soulmate you met online. Always do a background check to make sure that you are chatting with a real person. Additionally, you should watch out for fake dating sites like WordsOfHearts.com which is used for getting your password only. Developers of this highly suspicious website offer to find people who use the same password:

We believe that something as intimate as your password best describes your inner self.

Nevertheless, it might seem like a fun game for you; you should not register and fall for this phishing scam, especially if you are still using the same password for all your accounts.

Necurs botnet tries to help Russian women to find love in the U.S

One of the most famous active botnets – Necurs – started actively pushing a new spam email campaign in the middle of January 2018. However, this time it’s not about a new version of Locky, Globe Imposter or Scarab ransomware viruses.^[2] This month even botnets spread a little bit of feelings.

This month Necurs send over 230 million romantic spam emails where Russian women Kseniya, Arina or Veronika^[3] giving compliments to men and offering to get in touch. Letters from them slightly differ. However, they have the same idea:

Hello, my name is Veronika and i’m writing you to tell you that you are super cute. I myself am from Russia, but currently living in the USA. Two weeks ago I came across your photos on Badoo and decided I must write to you 🙂 You are super cute and I want to get to know you better! If you have the same, email me, this is my email [redacted] and I will send more information about me, also my photos. Kisses, Veronika.

Typically spam emails are very poorly written. However, this time bots are quite fluent in English. These mistakes can be tolerated because Veronika is from Russia. However, the red flag is that she wants you to reply to a different email. The provided email address in the letter is not the same as a sender’s.

Nevertheless, these emails do not contain any malicious content; trying to know Veronika, Arina or Kseniya might not end up good. Researchers warn about similar romantic email scams that were used for blackmailing people.

Once you start chatting with them, you might be asked to send revealing pictures and later she might blackmail you: if you do not pay the money, your photos will be published online. However, scammers might use simpler tricks to ask for money or infect computers with malware.

Other examples of Valentine’s Day scams 2018

Scammers also use old tricks to get user’s personal information, sign up for more spam emails or install malware. One of those scams might show up in your inbox telling that the flower bouquet cannot be delivered unless you enter your credit card information.^[4]

However, instead of getting a beautiful bouquet of roses, you will let cybercriminals to do a little bit of shopping using your credit card. Thus, if you haven’t ordered any flowers or other Valentine’s day gifts, you should not bother checking the information provided in such email.

Receiving, sending or even looking for e-cards this season might be dangerous too. The statistics tell that a week before Valentine’s day the increase of malicious domains increase up to 220 percent.^[5]

We recommend being careful with emails or links received on social networks that tell that your friend or lover sent you a Valentine’s Day card. Clicking those links might end up with malware attacks.

About the author

Alice Woods - Likes to teach users about virus prevention

Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.

Contact Alice Woods
About the company Esolutions

References

^ Romance Scams . FBI. The official website.
^ Julie Splinters. Scarab ransomware virus. How to remove? (Uninstall guide). 2-spyware. Security and spyware news.
^ Limor Kessem. Necurs Spammers Go All In to Find a Valentine’s Day Victim. Security Intelligence. Latest security analysis and insights.
^ Jessica Dickler. Watch out for these Valentine’s Day scams. CNBC. News website.
^ Tyler Moffitt. Tyler Moffitt. Webroot Threat Blog. Cybersecurity tips and industry insights.