• United States




7 ways to stay safe online on Valentine’s Day

Feb 12, 20186 mins
Data and Information SecurityPhysical SecurityPrivacy

Looking for love in all the wrong places? Here are some helpful tips for safeguarding yourself while trying to find love on the internet.

Valentine’s Day brings out the softer side in all of us and often plays on our quest for love and appreciation. Online scammers know that consumers are more open to accepting cards, gifts and invitations all in the name of the holiday. While our guards are down, here are a few tips for safeguarding yourself while on your quest to find love on the Internet.

1. Darker side of dating websites

Unfortunately, dating websites — and modern dating apps — are a hunting ground for hackers. There is a peak of online dating activity between New Year’s and Valentine’s Day and cybercriminals are ready to take advantage of the the increased action on popular dating websites like Tinder, OKCupid, Plenty of Fish, and many others. Rogue adverts and rogue profiles are two of the biggest offenders. For example, many are skeptical of unsolicited advertisements via email. Therefore, spammers have moved to popular websites, including dating and adult sites, to post rogue ads and links. In August 2015, Malwarebytes detected malvertising attacks on PlentyOfFish, which draws more than three million daily users. Just a few months later, the U.K. version of online dating website was also caught serving up malvertising.

In the event of a ‘possible match’ a user may be asked to “check out my other profile”.  If this happens it’s most likely a scam! Be careful about links that direct you to another website. Scammers will often try and remove you from the relative safety of the website you are using and direct you to links and files of a website that has been set up to harvest your personal information. If someone sends you a shortened URL, you can usually expand them to see where they end up. You can also search the link. If nothing comes up, ignore it.

2. Grave greeting cards

Who didn’t love getting dozens of personally delivered paper Valentine’s in elementary school? Fast forward to 2018, and electronic greeting cards (e-cards) evoke a similar sentiment, but with instant digital gratification. (Let’s be honest, the paper cards are much more enjoyable to receive.)  But, be wary. Opening an e-card can fast track malware onto your machine or turn your computer into a spam-sending member of a botnet. Don’t click on links to download software to view a card. Instead, go directly to a company’s website to open it. If the e-card is legitimate, there will be a confirmation code that allows you to open it directly on the website.

3. Spammy Valentine bounty

This time of year, everyone has the best deal in town on jewelry, flowers and even chocolates delivered exclusively to your inbox. Resist the sale and the free stuff on social media websites like Facebook and Twitter. If it seems too good to be true, it probably is. This is especially true if the email is coming from a retailer that you haven’t done business with or doesn’t address you personally. The links in these emails can download malware or redirect you to a fake website to dupe you out of personal information including your address and credit card information. It’s better to shop at known retailers than trust spam websites set up to take your money and leave you heart-broken.

4. Rogue UPS notifications

This one happens all year round, but I’ve seen an uptick around the holidays and Valentine’s Day. Yes, it’s exciting to receive packages at your door. But, do not click on UPS notifications that are generic with little to no information. If you received a package, the notification should have your name and the item details. Clicking on a fake link will likely download malware or send you to a spammer’s website.

5. Fake flower shops

It’s T-minus 12 hours to Valentine’s Day and you haven’t had a moment to shop. Instead, you turn to the Internet to send flowers to your Valentine. But, not all online flower shops are legitimate. As you search online, tons of flower shops pop up in your search engine and they all seem to have the best flowers for the special day. But, be careful because even though the website looks real and claims to have been in business for years, hackers know that this is an easy way to dupe you out of your credit card information. Here are a few things to keep in mind. If it’s a flower shop under a sponsored link, this means they paid for you to see the ad and it did not arrive organically. If it’s a long-time, family-run business, they will most likely have a physical location. You can also look to review websites like Yelp to make sure others have ordered from the shop and had a good experience.

6. Love bots

If you have an open private message system, you’ll likely receive a lot of messages from people wanting to chat. Some dating websites will also send multiple daily messages to users via email claiming that person x, y, and z would like to talk to you. Most dating bots will cycle through a canned script of a dozen or so phrases before claiming you need to be “verified” in some way. This will inevitably lead to a request for payment information. Don’t do it – if in doubt, contact the service you’re using and ask them about it directly.

7. Keep it personal

Make sure the profile you set up on a dating network doesn’t have geotagging enabled, regardless of whether you created it on a website or through an app. Some dating websites base the location you initially enter to serve up a list of possible matches within a certain radius, but they don’t display the location info on your profile. Get familiar with the granular controls on the dating website’s settings and make sure you understand the differences. Many mobile apps aren’t clear about “which thing does what,” so if in doubt, disable a particular feature until you can be 100 percent sure of the functionality being used and whether you want to use it.

In addition, don’t put your real name, age or location in your profile, email or anything else related to the dating website you’re on. Anonymous usernames are fine. You should also use a disposable email address when you sign up to a new dating service – not only will this keep people you’d rather not stay in touch with away from your main mailbox, it’ll also be obvious if a dating website decides to sell your email to spammers. This is a good trick to use outside of online dating, too.

Digital dating doesn’t have to be nefarious. Keeping these tips in mind can help you navigate Valentine’s Day safely, while enjoying all the Internet has to offer with respect to e-cards, gifts and dating. Unfortunately, not every web user has their heart in the right place. Keep yours above the danger zone and find love with no strings attached!


Justin Dolly is EVP, Chief Security Officer and CIO of Malwarebytes. Prior to Malwarebytes, Dolly was the VP, Chief Security and Privacy Officer at Jawbone, where he oversaw the security and privacy implications of consumer wearable technology. He also held the Vice President and Chief Information Security Officer position at ServiceNow, where he provided strategy and vision for all information security-related initiatives.

Before that, Dolly was the CISO at VMware Inc., where he developed and led all information security-related programs and initiatives. Previously, Dolly held various security and technology leadership roles at Kaiser Permanente, CNET/CBS Interactive and Macromedia.

The opinions expressed in this blog are those of Justin Dolly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.