Saturday, February 13, 2010

You got a Valentine card! Click here to open...

Tomorrow will be Valentine's Day, the day of love and romance. In the last 10 years it has also become well known as a favorite theme used by malware writers to lure unsuspecting users into getting infected. "Your loved one sent you an e-card. Click here to retrieve it" is already a classic and it doesn't look like it will leave us anytime soon. There is a deeper problem here than people looking for love through the internet, though: users are the natural victims of social engineering attacks.

My automated script to parse email messages won't care about love letters sent to it, PayPal trying to freeze its account or the big Nigerian fortune recently made available to it. Humans, on the other hand, are prone to these and other tricks that exploit naivety, greed, generosity or any of the other very human passions that move us. You'd think awareness campaigns would have lessened this to some extent, but criminals still use the same tricks over and over with a high degree of success.

Just this week I read the story of an ex-scammer from a Nigerian gang describing some of their techniques and the kind of money they're making with the age-old "Give us some money to get a very big payout". People are still falling for the same tricks!!

The IT security industry can make super-sophisticated software that stops zero-day exploits, detects viruses trying to penetrate the computer's defenses, stops bots from making phone-home connections and blocks any other technical attack, but what we'll never be able to do is stop the user from clicking on that malicious link because he wants to see the porn video he was told would be displayed.

If you think about it, we're trying to save the user from... yes, the user. The problem with creating tight security measures to keep a user safe is that he will try to bypass them, because that Valentine e-card is more important to him than firewalls, antivirus or any other fancy three-letter-acronym software thrown at him. As somebody on an IT security list I'm subscribed to recently quoted: "The problem of making something foolproof is that fools are very ingenious". I suspect we'll keep getting fake valentines that lead to malware for years to come.
