Blog
← Back to Blog
February 14, 2017 cybersecurity

Love Is in the Air. So Are Romance Scams.

Valentine themed technology concept

Happy Valentine's Day. Before you click on that e-card from your "secret admirer," let's talk about the cybersecurity implications of the most romantic day of the year.

I'm fun at parties, I promise.

The Valentine's Day Threat Landscape

Every holiday brings themed cyber attacks. Valentine's Day is no exception. Here's what spikes this time of year:

Romance-Themed Phishing

Fake e-cards, fake flower delivery notifications, fake "someone has a crush on you" messages. All designed to get you to click a link or open an attachment. The emotional appeal of Valentine's Day makes these more effective than your average phishing email. Nobody wants to ignore a Valentine.

Fake Vendor Invoices

If your practice orders flowers for the front desk or chocolates for patients, expect scammers to send fake invoices from florists and gift companies. They look legitimate, they're for plausible amounts, and they arrive in the pile of real invoices that your billing staff is processing.

Romance Scams Targeting Employees

The FBI reported that romance scams cost Americans over $230 million in 2016. These aren't just personal problems. Employees who are being victimized by romance scams may be distracted at work, may be accessing dating sites on work devices, or in extreme cases, may be manipulated into sharing company information or transferring business funds.

The Social Engineering Angle

Valentine's Day is really about social engineering, which is just a fancy term for manipulating people into doing things they shouldn't. And that's exactly what cyber attackers do every day, holiday or not.

Social engineering works because it exploits human emotions: curiosity (who sent me a Valentine?), fear (your account has been compromised!), urgency (act now or miss out!), and trust (this email is from your boss).

The best defense against social engineering isn't technology. It's awareness. When your team knows what to look for, they're much harder to trick.

Quick Tips for Today

  • Don't click e-cards from unknown senders. If someone really sent you a Valentine, they'll find a way to let you know.
  • Verify unexpected invoices. Especially from florists, gift companies, or any vendor you don't have a regular relationship with.
  • Remind your team. A quick email or Slack message: "Hey, Valentine's Day phishing is a thing. Be extra careful with romantic-themed emails today."
  • Keep personal browsing off work devices. If employees are shopping for Valentine's gifts or browsing dating sites on work computers, they're exposing your network to risk.

Now go enjoy your Valentine's Day. Just don't click anything suspicious while you do it.