Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day. And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine's themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect. Just as Christmas makes us a bit more likely to click on a dodgy parcel delivery text, Valentine's Day means we are more likely to click on something romance related.
Here are the top tactics that cybercriminals employ, and how to avoid falling victim.
1. Be wary of romance scams
"People can be vulnerable on February 14th," said Dave Machin, Partner at The Berkeley Partnership. "If you're using a dating app or social media, watch out for people who claim to fall for you really fast but avoid video calls, meetups, or providing personal details." Also, listen out for a potential suitor who sounds a bit too "scripted" during conversation and, if speaking on the telephone, "bot" style chat with an automated tone or delayed responses.
2. Watch out for fake online stores
Need a last minute Valentine's gift and tempted by an online store with a brilliant offer? Only shop from reputable stores and check for HTTPS in the URL. "Scammers set up fake websites selling flowers, chocolates, and jewelry at suspiciously low prices. If a store has limited contact information and no or too good to be true customer reviews, this is also a red flag," Machin said.
3. Avoid phishing emails and messages
You may receive emails or texts with fake Valentine's Day deals, electronic greeting cards (e-cards), or delivery notifications. However genuine it looks, or tempting an offer, don't click on links from unknown senders. "If you spot an offer and need to verify it, go back to the original retailer's website instead of clicking through links," Machin said.
4. Be careful with e-cards
Scammers can easily make e-cards look legitimate, using familiar branding and designs to trick users into clicking without suspicion. But Machin warns: "Clicking on a seemingly innocent link within an e-card can lead to downloading malware or being redirected to a phishing website designed to capture personal or company details." Attachments within e-cards can also be used to deliver malware, even if they appear to be simple image files.
5. Use secure payment methods
Avoid wire transfers, prepaid gift cards, or cryptocurrency for online purchases for Valentine's Day. "These payment methods are wide open to cyberattack," Machin said. "Wire transfers are instantaneous and almost impossible to reverse, prepaid gift cards offer weak security measures, and there are private key vulnerabilities when paying by crypto. Stick to PayPal or credit card services which both offer fraud protection."
6. Protect your personal information
Valentine's Day scammers take advantage of social engineering and people letting their guard down around February 14th. "Never share sensitive information like address, phone number, or banking details with someone you just met online. Someone genuine would not be asking for that information," Machin said. "Using strong, unique passwords for dating apps and online stores is also a good idea."
7. Verify charities before donating
Scam emails and messages impersonating charities are common. Charity phishing often involves a personal plea for help from an individual, but it can be more sophisticated. Some emails are designed to look professional and branded just like the charity they're impersonating. "The emails usually include a link to a fake website designed to look genuine, which includes instructions on how to donate money," Machin said. "If you want to donate something to a charity and check that it's genuine, always go back to the official website and start the process there—not via an email."
8. At work, understand your own personal duty of care
Did you know individual leaders and directors have a fiduciary duty to their employer, and legal and regulatory responsibilities to protect the firm against cybersecurity attacks? "If you are in a C-suite role, you need to be engaged, informed, and accountable for what you are personally responsible for," Machin said. "For example, the CHRO might be responsible for ensuring security awareness training is included in all onboarding and training, and the CEO may be tasked with setting a "cyber risk appetite" that balances the value chain, strategic differentiators, and necessary controls."
9. Identify the core business assets you need to protect first
If you were to fall victim to cybercrime at work, what are the core assets in scope and what is the extent of potential damage that can occur if they are compromised? "Analyze systems, applications, data, operations, and stakeholders. Then ascertain owners, reach, and impact and define and rehearse your response," Machin said.
