Halloween brings out the ghouls, ghosts, and trick or treaters – and also plenty of cybercriminals. The latter use All Hallows Eve (and the run up to Halloween) to launch new cyberattacks and scams to trick internet users into revealing their personal information. Their treat is the emptying of a personal or business bank account and they reap the rewards that can be gained from identity theft. Halloween-Themed spam attacks are common in the run up to Halloween.
For SpamTitan, Halloween is a busy time with numerous new Halloween-themed spam and phishing scams uncovered. This holiday time is expected to be no exception. Many new Halloween phishing scams can be expected to be launched this year as cybercriminals try to take advantage of the unwary.
Halloween-Themed Spam Warning!
So far we have seen a number of new spam emails being sent, as well as some old favorites from years gone by. One of the most common themes is a “Halloween Sale,” which exploits the human need to find a bargain. This year pirated goods are being advertised in the thousands, along with cut price Halloween costumes, free gifts, special offers, Halloween-themed surveys and links to online videos.
The aim of all of these spam emails is to get users to reveal their personal information, such as account login details and credit card numbers. Often the emails deliver malware and viruses to inboxes, other times they send links to phishing websites that harvest information. It is not always credit card details that the scammers seek. Social Security numbers, dates of birth and other personal information are highly valuable; as are telephone numbers which can be used by scammers to make bogus phone calls.
New Halloween-Themed Spam Doing the Rounds
Some old favorites are seen year after year, yet they prove to be just as effective second, third and fourth time around. One of these scams was first launched in 2007 and involves scammers sending a link to a video of a dancing skeleton. By clicking the link users do not only get to see the video, they are also delivered a Halloween package of malware.
The malware-ridden web archive file in this campaign is automatically downloaded to computers. It has been estimated that millions of individuals have already fallen for this campaign and have infected their phones, laptops, tablets, and desktops.
It is not just links to infected websites that are the problem. Scams are sent via Facebook, Twitter and other social networking sites. These social media spam campaigns are proving to be highly effective. Emails are often sent containing Halloween-themed attachments, which appear genuine with file suffixes look safe. PDF files and word documents for example do not tend to arouse suspicion, yet they can easily contain malware and hidden malicious code.
It is all too easy for the unwary to accidentally click and open these attachments. The result of doing so could prove very expensive indeed. The malware contained in these email attachments can log keystrokes or even give hackers full access to the computer used to access the messages.
With so many elaborate email phishing scams now being devised, it is essential that all computer users take precautions. One of the best methods of protecting against phishing campaigns, and spam emails in general, is to block them and make sure they never arrive in an inbox. For that, a spam filer is essential. The cost of not using an effective spam filter does not even bear thinking about.
The Huge Cost of Halloween-Themed Spam and Phishing Attacks
You may be thinking “I would never fall for a phishing campaign,” but millions do. Can you be so sure that your employees will be able to identify a fake email or website, or a sophisticated phishing campaign? Will they be able to identify these scams 100% of the time?
Even if one email proves to be successful, the damage caused can be considerable, as Sean Doherty, senior engineer with SpamTitan Technologies explains. “To date it is estimated that over $40 billion has been lost to 419 scams alone.”
Given the huge sums of cash that criminals can obtain from these emails, it is clear why the threat is growing and more and more campaigns are launched every year. If a scheme is profitable, it will be repeated and new campaigns are sure to be developed.
If criminals did not profit from these types of scams, they would very rapidly stop using them. However, the reality is they do, as Doherty points out, “These scam emails continue to exist and grow in frequency and ferocity. The simple fact is that these scams wouldn’t be repeated if they didn’t reap rewards for the cybercriminals.”
All it takes is for an absent minded employee to click on a Twitter link that directs them to a phishing website, and malware can be automatically downloaded to their computer. After that, a network can be compromised. Data is then stolen, deleted, or encrypted and only released when a ransom is paid. The cost of cyber attack resolution can be considerable. If all of your company data was suddenly encrypted, would you pay a ransom to get it back? Would you have a choice?
Holiday season is a time to enjoy, but it is also a time when everyone needs to be vigilant. Be on the lookout for scams, phishing campaigns, and unknown email attachments, and make sure all of your security software is up to date. Be careful, and you will be able to enjoy the holiday period.