It’s the night before Valentine’s Day, and it suddenly clicks in your mind that you have totally overlooked one of the most commercialized days of love in everyone’s calendar. You have no gift, flowers, card…. So, what do you do?

Well, fear not! The cybercriminal landscape has you covered and could provide an easy way for you to demonstrate your love for your nearest and dearest—not with the promise of flowers or even diamond jewelry but rather stolen accounts for their favorite streaming services and retail stores.

Valentine’s Day is, of course, a major commercial holiday. Experts predicted that consumers would spend roughly $27.4 billion on purchases related to the holiday this year, up from last year’s $20.7 billion. Most spending is, predictably, focused on candy, jewelry, a night out, and flowers. This year Digital Shadows (now ReliaQuest) has observed a variety of posts across a number of Russian- and English-language cybercriminal forums capitalizing on the consumer frenzy by offering discounts on illicitly acquired goods and services.

On 14 February one threat actor on a gated Russian-language cybercriminal forum invited users to let their love “shine with wonderful gifts”, offering a 14% discount on purchases of fraudulently acquired accounts for multiple organizations spanning sectors as diverse as social media, retail, hospitality, and travel.


Slilp forum thread offering Valentine’s discounted accounts

Slilp forum thread offering Valentine’s discounted accounts

On an English-language cracking forum one user updated their long-standing thread to promote their “Valentine’s Day Offers” on accounts for several television and music streaming services.


Cracking forum thread offering Music/TV streaming services

Cracking forum thread offering Music/TV streaming services

Another user subverted the usual requirement for forum members to leave a comment on a thread to unlock hidden content, posting “Like to find your valentine” in a thread advertising credentials for popular streaming services.


Cracking forum thread offering special Valentine’s discounts


Still another user encouraged their fellow forum members to “get your lady something nice for Valentine’s Day”, offering gift cards for clothing retailers.


Cracking forum thread offering discounted Victoria Secret’s giftcards

Cracking forum thread offering discounted Victoria Secret’s giftcards

Although cybercriminals abusing Valentine’s Day for commercial gain is not a new phenomenon, the continued appearance of this type of offer year after year is just another classic example of how far these crooks will go to in order to make a sale and earn a quick buck.

Cybercriminals are always on the lookout for opportunities to entice new customers and will not hesitate to market their illegal goods accordingly. Although the prices attached to some items appear cheap, and the threat actors are not sophisticated in their selling strategies, such offerings remain a constant threat to retail businesses, streaming providers, and social media operators in particular.

Limiting this threat on the part of the retailer is not straightforward and, by extension, minimizing your risk as an individual when shopping online to avoid stolen credentials also requires vigilance. However, there are some measures that can be followed to avoid the likelihood of trouble. Here are a number of tips to help both retailers and consumers stay safe during holiday periods.

For consumers:

  • Be mindful of where you shop: Before putting your personal or financial information into a website, make sure that you’re on the site you intend to be on. Phishing sites that seek to steal your information are incredibly common, and a keen eye that looks for unusual characters in the URL or on the web page can make all the difference. Always ensure you shop via reputable and official vendors; if a deal seems too good to be true, then it probably is.
  • Don’t always trust the padlock: If a site has a valid certificate and is using HTTPS, it doesn’t automatically mean that your data is secure; some certificates are free, and attackers can also easily purchase e-commerce sites with valid certificates on criminal marketplaces.
  • Don’t make the mistake of buying counterfeit goods: Fraudsters may use the hype of a shopping holiday to push fake products. Be suspicious about sales, prices, and deals that are well below the standard going price.
  • Take some time to monitor your accounts: If you happen to find yourself the victim of fraud, constant account checkups can be useful to catch fraudulent activity before it can do even more damage. Contact your bank or card issuer immediately if you identify any suspicious purchases.

For retailers:

  • Be diligent about your supply chain: Point of sale (POS) devices are prime targets, so make sure they are protected and monitored regularly for suspicious activity. Besides POS devices, don’t forget about third-party vendors such as your HVAC vendor, IT services, third-party software, etc. Have a defined supply chain onboarding process to include a robust vendor review, implement least privilege access, ensure there are strict security controls, and remember to revisit every step on a regular basis or if the scope of the vendor partnership changes.
  • Use payer authentication and validation: Requiring card verification numbers (CVNs), using an address verification service (AVS), or using a 3-D Secure payer authentication service can help reduce the use of stolen credit cards.
  • Monitor cracking forums for mentions of your company: The presence of your company domain on a cybercriminal forum is a good indication you are being targeted by credential stuffing tools.
  • Use anti-CNP (Card-Not-Present) tools to validate transactions: Device fingerprinting, customer history, velocity monitoring, and negative lists (in-house or shared) are all valuable tools to disrupt fraudsters.
  • Plan ahead and stay one step ahead of cybercrime: Have a process in place to handle compromised customer accounts, be prepared to deal with extortion scenarios, and use threat intelligence to track actors and understand their threat level.

Retail and e-commerce organizations have a wealth of sensitive data and deep supply chains that can expose their business, customers, and brand to a wide variety of digital risks.