Cupid’s (Possibly) Poison Arrow

By | February 8, 2006

Could Valentine’s Day be a phishing day? Internet Security Systems, Inc. reckons so, saying in a press release (no URL available yet) that the number of dating sites across the world has increased by 17 per cent within the last twelve months. ISS reckons this rise “is partly attributed to the increase in malevolent websites used by developers of malicious code as an opportune moment for phishing, spam and hacker attacks on unsuspecting victims.”

Having said, that, there doesn’t seem to be a lot of strong evidence presented to back this claim up. “Organised criminal units have in the past timed their attacks to coincide with popular celebration occasions in order to achieve maximum success in compromising the integrity of computer systems,” the press release quotes Gunter Ollman, Director of X-Force at Internet Security Systems. “It is anticipated that Valentine’s Day is a day that is similarly marked on the criminals’ calendar for targeted attacks.” Makes sense, but isn’t this a tad alarmist? Should we ignore every Valentine Card we get (assuming we get any)?

ISS offers the usual suggestions about defending yourself from these poisoned Cupid arrows, as well as pointing out that it can provide its own solution, via a “Proventia Web Filter which blocks unwanted web content, optimises Internet access for employees and prevents any kind of non work related Internet use.”. Yes, of course. Ye old “press release as pitch posing as public service ad” trick.

Given that Internet Security Systems, Inc. has been, according to its own blurb, “an established world leader in security since 1994”, I guess I’d expect to see a bit more hard data to back up this kind of scaremongering. It’s not that I don’t believe that scumbags will use Valentine’s Day as a social engineering tool to pry open your gullibility, but I’m not sure security companies should just throw out warnings like this without more carefully callibrated data to justify it. Where is all the data about previous year’s attacks along these lines? Where are the examples to illustrate the problem, and the sophistication of the bad guys? What kind of data are they after? We deserve to be told if we’re going to bin potentially our only chance at happiness.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.