Cyber Security

How to Spot

Valentine’s phishers

Valentine’s day

is coming.

You could get a bunch of roses!

You could also get a bunch of posers.

The internet is full of robot romeos and jpeg juliets.

They want your love …
and your passwords …
and your pin codes …
and your credit cards.

But you can stop them.

Read on for sappi’s hot tips on Valentine’s day spear phishing attacks – and how to outfox them …

Plenty of phish in the sea


Romance scammers get busy around Valentine’s Day. There are two types to look out for. First, the ones who befriend you on a social media or dating site, and then try to steal your personal or company information or demand financial help. And second, the delivery phishers, who try to steal your information via the (fake) delivery of a Valentine’s gift of flowers or wine. (The only thing you should ever have to part with to accept a gift is a signature.)

‘Would I lie to you, Baby?’


UM … YES. The person you are chatting to on an app might well be a real person, and you’re a catch. But you two have never met, so this person can’t know that. If they claim to be falling in love after a few online chats, this could mean (A) that you’re the world’s greatest love poet since Shakespeare, or (B) they are lying. (B) is more likely.

Spears and arrows


Random phishing happens all the time, with mass emails clogging the inboxes of the world. Spearphishers are much more cunning: they identify and target you specifically in order to sneak into your bank account or else into your company’s IT or invoicing system.

Together forever and never to meet …

If somebody keeps backing out of a plan to meet in real life, then he or she is probably a real-life criminal. Those photos aren’t real, and the person you’re dealing with is an impostor.

Hello … is it my employer’s data you’re looking for?


Romance scammers might even try to use your personal information to invade your workplace email and IT systems. This could help them to install ransomware, steal confidential information or commit fraud by impersonating a colleague to get an urgent payment authorised.

How will i know? (if he really doesn’t love me?)


A sudden, urgent demand for anything – money, information, filling out a form, or downloading an attachment – is a big red flag. Bad spelling and grammar are also warning signs – especially when combined with threats and urgency. If anything else seems aggressive, or over-the-top, or too good to be true, then it’s not true. Ghost them and block them.

Cyber Security is a team sport