Valentine’s Day: be wary of online romance

Security Awareness
14 February 2024
I consigli pratici di Cyber Guru
Non usare strumenti di lavoro per pubblicare contenuti personali sui social media, prassi che fa parte delle abitudini quotidiane, e rappresenta uno dei punti deboli di molte aziende, per via dell’uso promiscuo degli strumenti di lavoro, come PC e smartphone, che spesso custodiscono documenti riservati. Bisogna quindi essere rigorosi sull’utilizzo degli strumenti di lavoro, senza prestarli, e tenendoli separati da quelli personali potrà già costituire una prima difesa.
Dubitare delle coincidenze: i cyber criminali adottano comportamenti reali, simulando avvicinamenti casuali, senza malizia né eccessivo interesse. Instillare fiducia e creare un’intimità con la vittima richiede tempo, pazienza e molta empatia, e già questo approccio può far suscitare dei dubbi. Le coincidenze poi iniziano ad essere tante: stessi gusti, stesse abitudini, stessa linea di pensiero. Una sintonia quasi perfetta…e proprio per questo sospetta.
Prima di stabilire un contatto, i cyber criminali fanno ‘social engineering’. In altre parole, studiano le loro prede osservando i like e i commenti ai post degli altri utenti per farsi un’idea delle loro abitudini, dei loro desideri e delle loro speranze. Occorre quindi essere vigili e, oltre a chiedersi se gusti così simili non siano frutto di informazioni recuperate facilmente online, valutare sempre con attenzione quello che postiamo.
Come smascherarli: conviene diffidare di una persona sconosciuta, soprattutto se single, che si presenta con una situazione economicamente solida, impegnata in studi importanti o con un buon lavoro e che vive all’estero. Un’ulteriore prova può essere il fatto che il/la corteggiatore/trice non sia disponibile  per un incontro dal vivo. Utile verifica: si può caricare la foto profilo del corteggiatore nel motore di ricerca Google Immagini per verificare che non appartenga ad altri utenti.
Proteggere i propri device: sia professionali che privati, scaricando gli aggiornamenti quando sono disponibili, mantenere i propri profili social privati e non condividere informazioni o file che potrebbero rivelare dettagli personali o dati sensibili, anche indirettamente, come ad esempio postare una foto che mostra la via di casa o il momento della partenza per le vacanze.
Cosa non bisogna mai fare? È meglio evitare di cliccare su link o di aprire un bigliettino digitale di auguri di San Valentino, se arriva da un sconosciuto.

Valentine’s Day: scams that target the heart

After all, everyone likes romance.
Even the most cynical of people, those who pretend to snub it, but who ultimately would also like to live, at least for a day, in the midst of a pink cloud full of little hearts. This is why Valentine’s Day, which is celebrated on 14 February, is a celebration that withstands time and social changes. Of course, it has undergone several transformations over the years.

Before combining this celebration with the theme of cybersecurity, let’s brush up on its history. Valentine was a martyred bishop born in Terni, in 176 A.D. Legend has it that he was the first to celebrate the union between a Roman legionary and a Christian woman, and for this reason he was chosen as the patron saint of lovers.

The custom of exchanging messages and love letters on this day dates back to the fifteenth century, when Charles, the Duke of Orleans, while imprisoned in the Tower of London, wrote love notes to his wife, calling her “sweet Valentine”, inspired by a line from Shakespeare. In Hamlet, in fact, Ophelia says:

“Tomorrow is Saint Valentine’s day, / All in the morning betime, / And I a maid at your window, / To be your Valentine.”

For several years now, messages and communications on social media have replaced the letters of the past. This change has increasingly opened the door to cybercrime, which seizes every event, celebration, and holiday to infiltrate human weaknesses and cash in on them. And Valentine’s Day is certainly not a holiday that hackers can ignore.

So much so that, according to a BioCatch study, scams involving romantic relationships increased by 19% worldwide last year. The technique adopted by criminals is to steal photos of attractive people and create fake profiles on dating apps or social media platforms.

These scams can take different forms: sometimes a single person develops a relationship with the victim over a long period of time and then asks for money for whatever reason, including for the trip that will serve to allow them to meet and celebrate this new love.
In other cases, there are elaborate schemes involving multiple people faking love interests and then drawing victims into money laundering, cryptocurrency, or gift card scams.

Although the methods used by scammers have evolved over time, the results remain the same: people are left penniless and heartbroken.

Some regions have seen a particularly noticeable rise in cases. In the case of North America, a rise of 183 percent, and in that of the Asia-Pacific region, a rise of 104 percent. Particularly in the U.S., according to the Federal Trade Commission, in 2022 almost 70,000 Americans lost a record $1.3 billion due to love scams, a dizzying increase of 138% compared to $547 million in 2021.

Phone calls and messages were the preferred communication channels for scams, while Facebook and WhatsApp were the most popular platforms for scammers, according to a report by the Global Anti-Scam Alliance.

To make matters worse, there is a certain reluctance to report these scams due to fear of showing one’s more vulnerable side, and in fact only 59% of those who were affected reported to law enforcement that they had been the victim of this type of scam.

The most affected age groups were those aged between 55 and 64, with an increase in 2023 of almost 49% compared to the previous year. Those who suffered the worst losses, however, were people between the ages of 65 and 74.

Valentine’s Day in the age of artificial intelligence

The latest findings of artificial intelligence are superimposed on this chaos of situations that are connected to sensitive subjects, such as romantic ones. These findings are used to create profiles of people, mostly women, with the perfect features and physique, which attract thousands of followers, but which do not really exist. They are pure virtual fiction.

Among these is the Spanish AI model Aitana Lopez who, thanks to her social media business, manages to earn about ten thousand dollars a month, or Emily Pellegrini, the AI influencer who has won the hearts of many VIPs and footballers who have sent her private messages, thinking she was real, or Rebecca Galani, who arrived in Italy a few months ago. Rebecca has already gained over 15,000 followers, who were charmed by her blonde beauty and her glamorous life, and are willing to pay for the very explicit content she offers.

Rebecca Galani, the first Italian model generated by artificial intelligence

Rebecca also presents a novelty compared to her “colleagues”: a phrase that appears in her Instagram bio: “Ask me what you want, I answer through AI-bot”. This is a function that consists of the possibility of using direct messages, as is done with ChatGPT. So much so that Wired tried out a chat with her.

What we saw in the film Her, released in 2013 and starring Joaquin Phoenix, and which for many seemed to go too far in telling the story of the relationship between a man and a machine, instead became a reality sooner than we imagined.

Although it might be considered sad and desperate, there is nothing wrong with it if this is a conscious choice.
The problem arises when you exchange a virtual image with a real person and make both an emotional and economic investment. Finding out the truth can be a really rude awakening.

How can you defend yourself?

It’s simple: by getting smarter on the web, learning to identify details and always asking yourself many questions about the “person” with whom you are connecting.
In short, even if we are on the cusp of Valentine’s Day, we must put aside desires and sentimentality and develop a more cynical, inquiring and attentive attitude.
On our own, however, it is difficult to make this happen. It is better to rely on reliable training platforms that can accompany us in gaining a better understanding, aware of the many risks that we run online.


Cyber Guru’s practical tips

  • Do not use work tools to publish personal content on social media, a practice that is part of daily habits, and represents one of the weaknesses of many companies, due to the careless use of work tools, such as PCs and smartphones, which often are used to store confidential documents. Therefore, it is necessary to be rigorous about the use of work tools: ensuring that we avoid lending them to others, and keeping them separate from personal ones can already constitute a first defence.
  • Be doubtful of coincidences: cybercriminals adopt real behaviour, simulating casual approaches, without malice or excessive interest. Instilling trust and creating intimacy with the victim takes time, patience and a lot of empathy, and already this approach can give rise to doubts. The coincidences then begin to multiply: same tastes, same habits, same line of thinking. An almost-perfect harmony…and precisely for this reason we should be suspicious.
  • Before making contact, cybercriminals undertake ‘social engineering’. In other words, they study their victims by observing their likes and comments on other users’ posts to get an idea of their habits, desires, and hopes. We must therefore be vigilant and, in addition to wondering whether such similar tastes might be the result of information that can be easily retrieved online, always carefully evaluate what we post.
  • How to expose them: it is advisable to be wary of an unknown person, especially if single, who is in a solid economic situation, engaged in important studies or who has a good job and lives abroad. Further proof may be the fact that the suitor is not available to meet up in person. Useful verification: you can upload the profile photo of the suitor in the Google Images search engine to verify whether it belongs to other users.
  • Protect your devices: both professional and private, by downloading updates when they are available, keeping your social media profiles private and not sharing information or files that could reveal personal details or sensitive data, even indirectly, such as posting a photo showing your way home or your time of departure on holiday.
  • What should you never do? It is best to avoid clicking on links or opening a digital Valentine’s Day greeting card, if it comes from a stranger.

Related Articles

Clusit 2024 report: data of concern

Clusit 2024 report: data of concern

Manufacturing targeted in Italy but attacks on health care grow 83% over first half of 2023.The centrality of the human factor. From the cyber front comes no good news. On the contrary, the war (because this is what it is all about) is more heated than ever and the...

read more