Why Not Just Call It Val-oween!

Posted February 2, 2015

ThreatMetrix Tips for Avoiding Valentine’s Day Disasters Like the 20 Million Accounts Hacked on a Russian Dating Site TopFace Valentine’s Day (February 14)  is the only holiday between Super Bowl Sunday and St. Patrick’s Day. Of course, there’s President’s Day, but would anybody notice if they just dropped the “President” and made it “Sales Day?” Anyway, the point is Valentine’s Day is a big deal. But you already knew that, especially if you neglected to buy a token of your affection — candy, a rose, champagne, a diamond-studded necklace. Or if you were a third grader and got the fewest Valentine’s Day cards in your class, even less than the kid who never wiped his nose and sprayed when he talked. But, we digress. Social website hacked Okay, cybercriminals of every shade of crooked are going to be out there doing their level worst to turn Valentine’s Day into Halloween. The latest horror tale comes from the Russian dating site TopFace, which, according to Elena Holodny on businessinsider.com (link to article), had 20 million accounts hacked. The thief, who went by the moniker, “Mastermind” put the accounts up for sale on an underground site. Daniel Ingevaldson, whose company discovered the hack, said “such personal information usually sells quickly, to fraudsters who use automated software programs to find sites where people used the same information they did to access the dating site.” Holodny writes “Hackers have been increasingly targeting social media websites to steal usernames and passwords, in order to try and break into electronic-payment and mobile-payment accounts.” ThreatMetrix tips According to the National Retail Foundation, projected spending for Valentine’s Day 2015 will be $18.9 billion, up from last year’s whopping $17.3 billion. With cybercriminals looking to take their cut, ThreatMetrix offered tips and strategies for businesses and consumers to keep from being scammed.

  • Be Wary of Red Flags in Dating Profiles – Cybercriminals often create fake profiles with fraudulent information to lure users into sharing personal information or wiring money. Red flags include a prospective date claiming to be an alumnus of an Ivy League school, yet he or she has poor grammar. Another warning sign is a dating match claiming to be located in another country, such as Nigeria, and asking the user to wire money for return travel.
  • Download Mobile Apps from Legitimate Sources – Consumers should only download from official app stores to protect against cybercriminals compromising personal information or downloading malware onto mobile devices.
  • Use Caution with Location-Based Mobile Apps – Many of today’s mobile dating apps are location-based by city or state. Sharing one’s location offers cybercriminals and crazies one piece of the puzzle towards compromising an identity.
  • Evaluate Privacy Policies – Make sure mobile apps and dating sites encrypt data and don’t shared data with third party sources, such as for marketing or sales purposes. Of particular concern are apps that don’t encrypt information in transit that can be easily intercepted on public Wi-Fi. Also, perform a Web search to see if the dating site of interest has experienced issues with cybercrime in the past.

“Around Valentine’s Day, consumers and retailers must take the same preventative measures as other peak shopping holidays including Black Friday and Cyber Monday,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Retailers must implement strategies to protect against malware attacks, account takeover and payment fraud. At the same time, consumers should only make purchases from legitimate e-commerce websites and refrain from using the same login information across websites.”



close btn