Happy phishing day to you!
Phishing emails usually try to trick the user into opening an attachment or visiting a website. Often this is by instilling a sense of urgency -- telling you your account is about to expire, for example.
Researchers at NordVPN have uncovered a new tactic involving email birthday cards. After all, if it's your birthday and you've opened several eCards already you're not going to think there's anything phishy about another one.
This is made easier for the phisherfolk by dates of birth -- along with other details -- frequently being among details stolen and leaked on the dark web. NordVPN reckons around 900 million people's birth dates are online.
"On its own, a birth date is not a valuable asset to a criminal. It is easy to Google the birth date of almost everyone. However, in combination with other data (such as email, friends' list, name, and surname), it can be used to target a person using a highly personal email with perfect timing, such as a birthday," says Daniel Markuson, a cybersecurity expert at NordVPN.
In some cases the message says that a victim has an Amazon gift card waiting for them that someone purchased for their birthday, giving even more incentive to click.
To avoid falling victim to a birthday phishing scam you should look out for generic greetings like 'Dear Sir/Madam', beware of clicking links or opening attachments, and check that the message is genuinely from someone you know. If you're signing up to an eCommerce or social media site that requires your date of birth it can also be a good idea to give a false one.
"It is important to remember that cybercriminals don't take days off on special occasions," adds Markuson. "There is no need, of course, to ruin your birthday with the paranoia of being targeted online, but staying vigilant and informant is always important."
You can read more about dark web leaks on the NordVPN blog.