Beware of Halloween-Themed Spam Attacks

Halloween brings out the ghouls, ghosts, and trick-or-treaters – and also plenty of cybercriminals. The latter use All Hallows Eve (and the run-up to Halloween) to launch new cyberattacks and scams to trick internet users into revealing their personal information. Their treat is the emptying of a personal or business bank account, and they reap the rewards that can be gained from identity theft. Halloween-themed spam attacks are common in the run-up to Halloween.

For SpamTitan, Halloween is a busy time with numerous new Halloween-themed spam and phishing scams uncovered. This holiday time is expected to be no exception. Many new Halloween phishing scams can be expected to be launched this year as cybercriminals try to take advantage of the unwary.

Halloween-Themed Spam Warning!

So far we have seen a number of new spam emails being sent, as well as some old favorites from years gone by. One of the most common themes is a “Halloween Sale,” which exploits the human need to find a bargain. This year pirated goods are being advertised in the thousands, along with cut-price Halloween costumes, free gifts, special offers, Halloween-themed surveys and links to online videos.

The aim of all of these spam emails is to get users to reveal their personal information, such as account login details and credit card numbers. Often the emails deliver malware and viruses to inboxes; other times they send links to phishing websites that harvest information. It is not always credit card details that the scammers seek. Social Security numbers, dates of birth and other personal information are highly valuable, as are telephone numbers, which can be used by scammers to make bogus phone calls.

New Halloween-Themed Spam Doing the Rounds

Some old favorites are seen year after year, yet they prove to be just as effective the second, third and fourth time around. One of these scams was first launched in 2007 and involves scammers sending a link to a video of a dancing skeleton. By clicking the link, users do not only get to see the video; they are also delivered a Halloween package of malware.

The malware-ridden web archive file in this campaign is automatically downloaded to computers. It has been estimated that millions of individuals have already fallen for this campaign and have infected their phones, laptops, tablets, and desktops.

It is not just links to infected websites that are the problem. Scams are sent via Facebook, Twitter and other social networking sites. These social media spam campaigns are proving to be highly effective. Emails are often sent containing Halloween-themed attachments, which appear genuine, with file suffixes that look safe. PDF files and Word documents, for example, do not tend to arouse suspicion, yet they can easily contain malware and hidden malicious code.

It is all too easy for the unwary to accidentally click and open these attachments. The result of doing so could prove very expensive indeed. The malware contained in these email attachments can log keystrokes or even give hackers full access to the computer used to access the messages.

With so many elaborate email phishing scams now being devised, it is essential that all computer users take precautions. One of the best methods of protecting against phishing campaigns, and spam emails in general, is to block them and make sure they never arrive in an inbox. For that, a spam filter is essential. The cost of not using an effective spam filter does not even bear thinking about.

The Huge Cost of Halloween-Themed Spam and Phishing Attacks

You may be thinking “I would never fall for a phishing campaign,” but millions do. Can you be so sure that your employees will be able to identify a fake email or website, or a sophisticated phishing campaign? Will they be able to identify these scams 100% of the time?

Even if only one email proves to be successful, the damage caused can be considerable, as Sean Doherty, senior engineer with SpamTitan Technologies, explains. “To date it is estimated that over $40 billion has been lost to 419 scams alone.”

Given the huge sums of cash that criminals can obtain from these emails, it is clear why the threat is growing and more and more campaigns are launched every year. If a scheme is profitable, it will be repeated and new campaigns are sure to be developed.

If criminals did not profit from these types of scams, they would very rapidly stop using them. However, the reality is they do, as Doherty points out, “These scam emails continue to exist and grow in frequency and ferocity. The simple fact is that these scams wouldn’t be repeated if they didn’t reap rewards for the cybercriminals.”

All it takes is for an absent-minded employee to click on a Twitter link that directs them to a phishing website, and malware can be automatically downloaded to their computer. After that, a network can be compromised. Data is then stolen, deleted, or encrypted and only released when a ransom is paid. The cost of cyber attack resolution can be considerable. If all of your company data was suddenly encrypted, would you pay a ransom to get it back? Would you have a choice?

Holiday season is a time to enjoy, but it is also a time when everyone needs to be vigilant. Be on the lookout for scams, phishing campaigns, and unknown email attachments, and make sure all of your security software is up to date. Be careful, and you will be able to enjoy the holiday period.

Gaddafi Phishing Attacks Launched by Cyber Criminals Following Colonel’s Death

The death of Muammar Gaddafi has dominated the news headlines and, as is typical following such a major news event, cybercriminals have taken advantage and launched a number of Gaddafi phishing attacks.

Analysts at SpamTitan Technologies have uncovered many new malicious emails in the past few days. The emails were caught by the SpamTitan Anti-Spam filter and placed in quarantine to prevent users from clicking on malicious links or opening infected email attachments.

The emails contain links to websites containing videos of the death of Muammar Gaddafi, as well as “previously unseen footage” of the colonel and his family. Some emails contain attachments which users can open to view new and grisly videos or pictures. When they do this they will also install malware on their computers.

New Gaddafi phishing attacks uncovered

Two of the emails that have been captured recently have the titles “Gaddafi death video – I shot and killed him”, and “Inside Aisha Gaddafi’s bathroom.” A number of similarly themed emails have also been intercepted and quarantined by SpamTitan.

The Advance Fee Fraud scheme commonly used by Nigerian criminal gangs (419 scams) has been tailored and used to piggyback on the news of Col. Gaddafi’s death. These schemes are used to try to get victims to reveal their bank details to criminals. Private and confidential information is disclosed in the belief that a large sum of money will be deposited in the victim’s account. They receive a transfer of cash, it is then moved on, and in exchange for this they are given a very healthy commission.

One of the latest Gaddafi phishing attacks involves an email request from Mrs. Gaddafi who requires assistance moving a considerable amount of the colonel’s capital. She reportedly has gold reserves stored in secret locations, which she needs to cash in. In order to do that undetected, she needs European and American bank accounts. Money will be transferred and then moved on, and a sizeable payment will be offered to anyone who is able to offer her help. Needless to say, no funds will be deposited, at least not in the victims’ accounts.

These scams net criminals millions of dollars because many people fall for these phishing attacks and scams. The FBI estimates that around $40 billion has been obtained from 419 scams such as this. Because spamming is so profitable, many criminals are getting in on the act. The more spam that is delivered to inboxes, the greater the chance of people responding to the scams and handing over control of their bank accounts. Spamming is a numbers game.

Consumers need to be wary and should never respond to requests such as these, as tempting as it may be to be paid tens of thousands of dollars for receiving a transfer of cash. Businesses need to be particularly careful too. Employees may not reveal company bank account information, but many campaigns result in malware being installed on the victim’s computer. If employees respond to the emails at work, this could result in malware being installed on a work computer or, worse still, access could be given to a company network.

Fortunately, SpamTitan’s Anti-Spam solutions will capture these scam emails, preventing them from being delivered. WebTitan will protect businesses from phishing attacks and stop end users from visiting phishing websites. Staff training can help to reduce the risk of malware infections; however, for total peace of mind anti-spam and anti-phishing solutions should be installed. There will always be one individual who believes they can get rich quickly by responding to one of these 419 scams.