Is cybercrime seasonal? Why online scammers love Valentine's Day


Andy Churley

Like the rest of us, cybercriminals love public holidays and festivals. But as Andy Churley explains, they have very different reasons to look forward to certain times of the year.

I started contemplating this subject in December and at the time of writing it is now past Valentine’s Day and rapidly heading towards Easter. The year ahead for cybercriminals is a busy one, bouncing from one public holiday to another, using any excuse as an opportunity to dream up another too-good-to-be-true online offer. The past three months have produced a staggering range of cybercrime.


December was a busy time for online counterfeiters, fraudsters and other digital criminals. On ‘Cyber Monday’—December 17, 2012—$1.25 billion was racked up in online sales. At this time NetNames saw a huge increase in the number of online offers for sale for the most popular toys such as the new Furby, the Leap Pad 2 and the Nintendo WiiU. NetNames discovered more than 88,000 listings for popular Christmas toys on one well-known marketplace site alone—a good proportion of which off ered counterfeit products from well-known brands.

The reason online sale of counterfeit goods is so abundant in December is simply because the legitimate online sales outlets all offer reductions in order to stimulate sales, which makes it more difficult for the online shopper to discern the legitimate offer from the illegal one. Also, with the more well-known shopping sites selling out of the most popular items, shoppers desperate for those ‘must-have’ products will cast their net further than usual.

Other types of illegal or infringing activities particularly strong in December include:

  • Traffic diversion: Diverting traffic away from a legitimate website to an illegitimate website. This is achieved by exploiting AdWords or other keyword search platforms, using keywords and brands’ trademarks illegally to divert traffic away from the legitimate site. One example is diverting traffic searching on a premium watch brand to a website off ering other watch brands which do not include the brand in question.
  • Rogue affiliates: In the run-up to Christmas many well-known brands offer short term deals to entice prospective buyers. Rogue affiliates may continue to offer these deals past their end date or offer deals not sanctioned by the brand owner.
  • Domain registration infringements: At this time of year, there is typically a spike in domain name registrations by criminals misusing others’ trademarked brands in order to set up attractive-looking websites offering counterfeit products.

    Due to the time scales and costs involved in domain recovery processes such as the Uniform Domain-Name Dispute-Resolution Policy (UDRP), many brand owners are reluctant to go down this route to recover a domain name that the brand owner doesn’t want in its portfolio; in some cases, brands simply do not have enough time to legitimately recover the domain name before the damage is done.


The New Year is when we all decide to take stock and put ourselves through a stark self-analysis and New Year’s resolution torture. One popular resolution is to look for another job, and it’s one that the criminals profit from, particularly in January.

With the ubiquity of the Internet, broadband communications and mobile devices, from laptops to tablets, in many professions it’s easy and convenient to work from home. Internet criminals use the desirability of work-from-home jobs to exploit those seeking better employment. There are over 50 variants of Internet recruitment scams but many follow a familiar pattern.


Typically, a job seeker will receive an email from a seemingly legitimate recruiter with the enticement of a senior position in a well-known multinational company. It will usually tell you that the company is interested in you after reading your resume online. In order to progress your candidature you will be required to reply to the email and provide certain personal details such as name, national employment number, some form of proof that you are eligible to work in the country (green card, passport details or visa details), date of birth and address.

Even at this early stage the above information can be, and often is, used by criminals to perpetrate crime such as benefit fraud (such as claiming unemployment payments), financial fraud (such as setting up false bank accounts or applying for loans), immigration fraud (such as applying for passports) or hard goods fraud (such as purchasing goods on credit using false details).

Sometimes, there will be telephone interviews prior to the face-to-face interview, when there is the opportunity for telephone scams where the candidate will unwittingly call a premium rate number and end up paying a considerable amount in order to chase a non-existent job.

If they really want to go to town they will then offer the candidate a job, helping them choose a fake house or flat (taking a three-month deposit up front). The first they know of the scam is when they turn up for work at the real company, and there is no job nor has there ever been one.

Some of the other employment scams include government jobs (premium rate calling scam), humanitarian jobs, mystery shopper (money wire transfer scam) and resumé blasting (spam emailing).


Even though it is a short month, February generates some of the more inventive Internet scams, especially as Valentine’s Day approaches. People are always looking for a killer gift without a killer price tag. Criminals know that people love well-known brands and a good deal. In February, the online criminals are out in force, loving the business that we bring them from the following online ruses:

  • Special offers for that unmissable Valentine’s day gift: Each year, there are some new ‘must have’ Valentine’s gifts. Cybercriminals know what they are as well as we do. If you are loved up and planning something rash, beware of emails for engagement rings at too-good-tobe- true prices because not only will you not get what you paid for online, your computer will also be infected with malware and your identity stolen.
  • The gift card: For those who find themselves at a loss for ideas, the perfect answer is a gift card from a well-known retailer, from an unknown website. Often this scam is perpetrated via social media networks using banner ads or posts on the most popular platforms.
  • Fake flowers: Criminals set up fake florists' websites, complete with fake logos, such as an Interflora emblem, to convey legitimacy. These sites will take payment details and then perpetrate further fraud using the cardholder’s details.
  • The e-card: Criminals will deliver a mountain of spam in February with enigmatic messages from supposed romantic admirers. These e-cards will possibly contain malware but will certainly contain a link to a website which contains malware.

When looking at the rest of the year we have to consider the plethora of other online criminal activities that accompany national and religious holidays, vacation periods and other notable events such as TV, movie and music awards, etc. For example, you can expect a focus on online dating scams in the spring and travel scams in the summer and winter.

Does cybercrime really affect the brand owner?

There is no doubt about it, Internet crime is big business, very big business, but cybercrime is usually targeted at the consumer rather than the brand owner, so does it really affect brand value?

Domain squatting alone is estimated to cost brand owners more than $1 million per brand per year and 25 percent of the world’s email advertises fake or unlicensed drugs, costing pharmaceutical companies around $46 billion every year. According to a 2012 report, the net cost of cybercrime is $388 billion—equivalent to the GDP of Sweden, the 32nd-richest country in the world.

Even smaller brand owners are affected; being the victim of the cybercriminal can have a more significant effect on revenue in a small company than it does on the world’s largest brands. For example, counterfeiting is not confined to haute couture handbags, shoes and designer clothing, or luxury Swiss watches; brake pads, keyrings, dog collars, fence posts and hair products are all the target of the cybercriminal. In short, if it can be counterfeited and sold online it will be.

Money can also be made by buying domain names and selling them in bad faith, and the cybercriminal will be online already profiting from brand owners’ hard-earned reputations.

What can brand owners do?

The simple answer is ‘be vigilant’. Make sure you monitor your brand online, and not just for mentions on Facebook and Twitter. Early detection and rapid response is proved to deter cybercriminals and often leads them to go after softer targets such as other less vigilant brands. Coverage is important. Make sure that you monitor the Internet in its broadest aspect, in local language. Finally, make sure you enforce rapidly and accurately in order to remove websites, product listings, search engine adverts and infringing domain names.

Andy Churley is group marketing director at NetNames. He can be contacted at:

This article was first published on 01 March 2013 in World IP Review

Cybercrime, public holidays, counterfeiting, UDRP, cybersquatting

Trademarks and Brands Online