Valentine’s Day is here and love is in the air – and cyber criminals are trying to take advantage by duping people with millions of spam e-mails.
More than 230 million Valentine’s Day spam messages have been sent out since mid-January, a huge 90 per cent of all spam sent in that period.
Researchers at IBM – known as the X-Force team – found that in excess of 30m email messages are being sent out each day containing short email blurbs from supposed Russian women living in the US.
These are typical of the messages that are sent out to unsuspecting victims:
John Kuhn, a senior threat researcher at IBM X-Force, said the messages were likely part of a catfishing scam.
“Catfishing is the methodology of an attacker fabricating an online persona to lure or trick people into romantic relationships over time,” he told BusinessCloud.
“Often, this leads to extortion scams, asking the victim to share revealing photos and threaten to release them until a payment is made.
Attackers may also ask for money transfers to their accounts to come visit, or simply infect the victim’s computer with malware.”
The spam was sent from roughly 950,000 different IP addresses using the Necurs botnet, which is believed to control up to six million ‘zombie bots’ – private computers around the world infected with malicious software and controlled as a group without the owners’ knowledge.
A recent report by Actionfraud.police.uk found that 3,557 victims fell prey to romance scams in 2017, losing a total of £41m.
IBM researchers said that “with 99.999 per cent certainty, any unsolicited email looking for a love connection is nefarious”.