Cupid is getting ready to shoot his arrows, but if love-struck consumers aren't careful, they'll get hit with more than red hearts, chocolates and "I love yous."
Valentine's Day offers Internet con artists a great cover for their illegal craft. According to data from security researcher McAfee, the percentage of spam emails containing the word "Valentine" in the subject header rose dramatically last year between Jan. 20 through Feb. 7.
Using love as a lure, scammers sweet-talk their victims out of personal information -- everything from phone numbers and credit card information to details about their friends and crushes. "The thieves are looking for credit card information, or your username and password to use on other sites to make purchases," says David Marcus, director of advanced research and threat intelligence for McAfee.
Those who fall prey to these less-than-cherubic fraudsters may also unwittingly download malware disguised as a love song, romantic picture, or some other heart-be-still goodie supposedly sent from a loved one -- software that, once downloaded, can be used to remotely gain control of the user's computer.
Here's some of the Valentine's Day scams lovers should be on the lookout for:
Social Media Scams
Internet thieves using social media for their Valentine's Day scams were out in force last year, according to security firm researchers.
Facebook users were duped by Valentine's Day scammers who tricked them into clicking on links they believed came from friends who'd posted messages on their walls, says Chester Wisniewski, senior security adviser for Sophos. "The exposure on social media is fast. If you have 500 friends who see the message on your wall, they're tempted to click on it because they think it came from you," he says.
In this case, the evil link professed to indicate who your Valentine would be in 2011, or promised to deliver instructions on how to post a heart or love poem on your lover's wall. This example of the scam was posted on Sophos' blog last year:
In the case of the Facebook "Valentine's Day" and "Special Valentine's Day" rogue apps, those who clicked on the links saw a bogus splash screen that asked for permission to post status messages to their wall and glean basic information about them. The conniving cupids would also display a "Facebook anti-spam dialog box," which in actuality was a survey form from a company that paid commissions to the scammers for each one filled out.
Each time a user posted the rogue app to his wall, his friends would unwittingly help spread the scam at rapid spreed, Wisniewski says.
Valentine's Day Scams Snuck into Searches
When looking for gift ideas for Valentine's Day, where do you start your search? A search engine, of course. And that can lead to trouble, says Marian Merritt, Norton's Internet safety advocate.
It turns out Internet thieves know this, too. They create bogus websites they hope you'll land on after pulling them up with the search results, Merritt says. "They'll steal your credit card information but never deliver the goods."
V-Day Spam and Phishy E-cards
Another ploy scammers use is the promise of astronomical discounts on everything from flowers to Rolex watches, warns McAfee's Marcus.
In most cases, clicking on a scammer's link will take a user to a fake website where these cunning cupids ask for credit card information or usernames and passwords to be used on other sites.
Valentine's Day e-card scams, meanwhile, tend to be successful where users are asked to click on a link to send an e-card or to view an e-card after filling out a form. Filling out that form, Marcus says, gives the so-called bad guys more personal information about the lovelorn user that they can try to later use to enrich themselves.
Don't be heartbroken: How to protect yourself
- Before clicking on a link or downloading an app from a friend's page, check out software security sites such as Sophos, McAfee, or Symantec to see which Valentine's Day scams are making the rounds on social networking sites.
- If an email or advertised offer sounds too good to be true, it probably is. Don't click on any links you suspect. Also, take an especially skeptical look at the grammar and punctuation used in that spam email offering a "rOLex" watch for your loved one.
- Want to send an e-card? Seek out a legitimate source for it by proactively going to branded websites that offer such Valentine's Day poems or e-cards, such as BlueMountain.com, Hallmark.com or Americangreetings.com.
- When using search engines to hunt for Valentine's Day items, be as specific as you can -- include brand names and trusted manufacturers. Also, scrutinize URLs and everything on the page if you are directed to an unfamiliar website.
Motley Fool contributor Dawn Kawamoto does not own stock in any of the companies mentioned. However, she is heavily invested in Valentine's Day and the notion of romance.