As Valentine’s Day 2026 approaches, people are turning to online shopping, digital dating, and last-minute gift ideas. Unfortunately, cybercriminals are doing the same. Check Point researchers have identified a sharp rise in Valentine-themed phishing websites, fraudulent stores, and fake dating platforms designed to steal personal data and payment information
A Seasonal Spike in Valentine-Themed Domains
From March to December 2025, new Valentine-related domains averaged 474 per month. But in January 2026, registrations jumped to 696 — a 44% increase. In just the first five days of February, researchers detected 152 additional domains, a further 36% rise in daily average compared to January. Almost all—97.5%—remain unclassified, meaning they could be activated for malicious use at any moment.
Attackers build these domains around common search terms like “Valentine’s Day gifts” or “cheap Valentine deals,” making them more likely to appear trustworthy to shoppers in a hurry. Many might remain dormant until days before February 14 to maximize impact.
Fake Stores That Look Too Good to Be True
One example is funkovalentine[.]club, a site registered in January 2026 which was active, though no longer reachable now. It featured a fully designed e-commerce layout, product categories, pricing, checkout pages and attractive though suspiciously broad merchandise (e.g., watches, décor items). The domain name likely attempts to build trust by appearing similar to both the Funko brand (known for its pop culture collectibles) and to Valentine’s Day shopping, a tactic frequently used by attackers during holiday periods. Despite its professional appearance, the site was malicious and designed to steal credentials and payment information.
Romance Scams and Look-Alike Dating Sites
Romance-themed scams are rising, too. In January 2026, researchers found 710 look-alike dating domains impersonating major platforms like Tinder, a 9% increase from December. Some are harmless for now, but many could turn malicious quickly.
A notable case, tinnder[.]cfd, cloned Tinder’s branding and familiar swipe interface using a simple typo trick, all with the goal of stealing login credentials from people looking for genuine connections.
Why Valentine’s Day Is a Prime Target
Cybercriminals take advantage of the emotional nature of Valentine’s Day, people feel urgency, excitement, loneliness, and anticipation. That mix leads to faster clicks, riskier purchases, and less scrutiny.
At the same time:
- Online shopping for gifts spikes.
- Dating activity increases.
- Attackers can quickly activate newly registered domains for short, high-impact campaigns.
- Brand impersonation (Funko, Tinder, and others) makes fake sites look familiar and trustworthy.
Together, these elements create the perfect storm for seasonal scams to thrive.
How to Stay Safe This Valentine’s Day
A few simple precautions can go a long way:
- Stick to Trusted Retailers
Avoid unfamiliar stores, especially when the domain name is Valentine-themed or the deal seems unusually cheap. - Double-Check URLs
Watch for small misspellings like tinnder instead of tinder. When in doubt, type the official site manually. - Beware of Odd Payment Requests
Crypto, gift cards, and wire transfers are red flags. Legitimate retailers won’t push them. - Download Dating Apps Only From Official App Stores
Never use links from emails, texts, or social posts. - Ignore Random “Valentine’s Deals” Messages
Expect more phishing attempts across email, SMS, and social channels this time of year. - Enable Multi-Factor Authentication
Even if credentials are stolen, MFA adds an important layer of protection.
Celebrate Love—Without the Scams
Valentine’s Day should be about connection, not getting caught off guard by cybercriminals. With polished fake stores, lookalike dating sites, and a surge in unclassified Valentine’s domains, staying alert is key.
Enjoy the season, shop thoughtfully, and swipe with care.
