New Valentine’s Day Related Domains by Week

In January, CPR witnessed a 152% increase in new domains registered compared to December. This year, 6% of the new domains were found to be malicious and 55% were found to be suspicious. In the past month, 1 out of every 371 malicious emails was related to Valentine’s Day.

Valentine's Day malicious domains

Express your love with roses (while hackers steal your private credentials)

CPR found an example of a phishing scam focused on buyer fraud. The phishing email used “The Million Roses” branding to lure victims into purchasing gifts for Valentine’s Day. In this example, the fraudulent email (see figure below) was sent from a spoofed address and listed a company address different from that of the legitimate “The Million Roses” brand. This is a sign that the email is from a dubious source and that the website is fake. Anyone who clicked on the link in the email (https://firebasestorage[.]googleapis[.]com/v0/b/simo-71947[.]appspot[.]com/o/Dooring[.]html?alt=media&token=f39a49dd-96fd-4040-a3ba-de80ccc606eb) would have been redirected to a fraudulent link, currently inactive (https://jbrbro[.]page[.]link/doorring), which tried to imitate “The Million Roses” website.

Subject: Give your Valentine an unforgettable Valentine’s Day Gift.


Phishing is the most common type of social engineering

Phishing attacks occur when malicious actors send messages pretending to be a trusted person or entity. Phishing messages manipulate users into performing actions like installing a malicious file, clicking on a malicious link, or divulging sensitive information such as login credentials. Social engineering is an increasingly common threat vector used in almost all security incidents. Social engineering attacks, like phishing, are often combined with other threats, such as malware, code injection, and network attacks. Furthermore, phishing is the number one cause of ransomware. Since these attacks are specifically designed to exploit the human nature of wanting a good deal, it is extremely important to prevent these attacks from ever reaching their desired victims – because just one “wrong click” can cause tremendous damage.

How do you avoid falling victim to phishing scams? Here is what we recommend to spot the signs and stay protected:

Threats or a Sense of Urgency – Emails that threaten negative consequences should always be treated with skepticism. Another strategy is to use urgency to encourage or demand immediate action. Phishers hope that recipients who read the email in a hurry will not thoroughly scrutinize the content and will not discover inconsistencies.

Message Style – An immediate indication of phishing is when a message is written with inappropriate language or tone. For example, if a colleague from work sounds overly casual, or a close friend uses formal language, this should trigger suspicion. Recipients of the message should check for anything else that could indicate a phishing message.

Unusual Requests – If an email requires you to perform non-standard actions, it could indicate that the email is malicious. For example, if an email claims to be from a specific IT team and asks for software to be installed, but these activities are usually handled centrally by the IT department, the email is probably malicious.

Linguistic Errors – Spelling and grammar errors are another sign of phishing emails. Most companies use spell check, so these typos should raise suspicion because the email may not originate from the claimed source.

Web Address Inconsistencies – Another easy way to identify potential phishing attacks is mismatched email addresses, links, and domain names. It’s a good rule of thumb to always cross reference previous communication with the email address.

Recipients should hover over a link in an email before clicking it to confirm the actual link destination. If the email is believed to be sent by The U.S. Postal Service, but the domain of the email address does not contain “”, that is a sign of a phishing email.

Request for Credentials, Payment Information or Other Personal Details – In many phishing emails, attackers create fake login pages linked from emails that appear to be official. The fake login page typically has a login box or a request for financial account information. If the email is unexpected, the recipient should not enter login credentials or click the link. As a precaution, recipients should directly visit the website they think is the source of the email.
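
The "Web Address Inconsistencies" check above can be automated on the mail-filtering side. The following is an added example, not code from CPR: it parses a constructed sample email (all domains are reserved .example names) and flags links whose visible text shows one host while the href points to another, and links whose host is unrelated to the sender's domain. The function names and finding labels are assumptions made for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message (not the email from the article).
SAMPLE = """\
From: "Rose Boutique" <offers@rose-boutique.example>
Subject: Valentine's Day gift
Content-Type: text/html; charset="utf-8"

<p>Order at <a href="https://storage.hosting.example/o/page.html?alt=media">https://www.rose-boutique.example/shop</a></p>
<p><a href="https://www.rose-boutique.example/unsubscribe">Unsubscribe</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return urlsplit(url).hostname or ""

def link_findings(raw_email):
    """Return (label, expected, actual) tuples; the From header can be spoofed, so treat as heuristics."""
    msg = message_from_string(raw_email)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if not target:          # mailto:, anchors, relative links
            continue
        shown = host_of(text) if text.lower().startswith(("http://", "https://")) else ""
        if shown and shown != target:
            findings.append(("text_href_mismatch", shown, target))
        if not (target == sender_domain or target.endswith("." + sender_domain)):
            findings.append(("href_not_sender_domain", sender_domain, target))
    return findings
```

The subdomain comparison is a plain suffix match without a public-suffix list, and legitimate senders often link to third-party hosts, so a finding is a reason to inspect the message rather than a verdict.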


ALWAYS be suspicious of password reset emails: By sending a fake password reset email that directs you to a lookalike phishing site, attackers can convince you to type in your account credentials and send those to them. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password).

Never EVER share your credentials: Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. As a result, phishing attacks are designed to steal login credentials in various ways.

BEWARE of “too good to be true” buying offers: they really are too good, and not true. An 80% discount on a new iPhone or an item of jewelry is usually not a reliable or trustworthy purchase opportunity.

ALWAYS verify you are ordering online from an authentic source: Do NOT click on promotional links in emails; instead, Google your desired retailer and click the link from the Google results page.