Phishing for baits: How to get all the treats and none of the tricks.

Halloween is around the corner, and you know what that means – scary customs, scary movies, scary decorations, and, unfortunately, scary cyberattacks. This holiday seems to cause sneaky cyber criminals to rise up from the dead and initiate all kinds of cyberattacks, phishing in particular. Phishing is fraudulent attempt by cyber criminals to collect sensitive information online by pretending to be a trustworthy company or person. Since last year alone, phishing attempts have risen by a scary 40.9%, with 1.5 million new phishing websites being created each month. These attacks cause way too many people to fall victim to pranks that seem completely innocent, but end up costing them a fortune, and what better time to evoke a little fear and phish for goods than on Halloween?

Here are some of the common Halloween phishing tricks to avoid:

1. Buying tickets to fake Halloween events

Halloween parties are some of the best ones all year. For one night you get to be somebody else, surrounded by festive and creative individuals who are also embodying their alter-ego and looking for a fun night to celebrate it. But they’re not the only imposters around looking for a good time. Hackers take advantage of the demand for parties and the secrecy in the air by advertising bogus events on the web and through social media channels. These events typically don’t provide pertinent details such as a venue or contact information to the event organizers. They also use similar names to popular events, tricking the customer into thinking they’re going to that specific event. The creators of these bogus sites will use phishing methods to have you enter your personal information (such as PayPal account or credit card information) which will ultimately be kept by them to defraud you in the future. They can also send you a ticket download link which can contain malicious Trojans intended to allow hackers to take over the user’s system and to be the only ones celebrating this Halloween. Sounds scary? We’re only getting started.

2. Clicking on ads for bogus discounted Halloween costumes

What is Halloween without a super cool costume? With the rise of internet shopping, going to the Halloween store in your neighborhood has become a thing of the past. Online, you have more options, better options, maybe even cheaper options, and instead of the messy and lengthy experience you have at the Halloween brick and mortar store, you can simply and easily get your costume and merchandise delivered to your door step. But if you wait until the last minute to pick your costume (like most of us do), you will notice how popular sites that are usually filled with great options all year long tend to run out of the ‘good’ costumes or sizes when the big day comes near. So, desperately, when an email or a popup showcasing an unknown Halloween online store with all the cool costumes and decorations you cannot find elsewhere, you’re inclined to give it a look. But these unknown sites may pose a real risk to users, attempting to take advantage of their urgency to buy a costume in order to steal their personal information. Unfortunately, the victims of these attacks are going to have to repeat last year’s look, as their costumes aren’t planning on arriving anytime soon.

3. Getting sweet offers through social media messages

Friend requests from unknown people and messages from actual friends on social media telling you you’ve won money in a Halloween sweepstake or attaching a link to a Halloween website or event may seem innocent, but these messages may be in fact leading you to malicious phishing sites, without the sender’s awareness. With social media, it gets easier to steal your information since the user already knows so much about you, such as your name, location, and possibly phone number. Besides phishing messages, they can also send you malware in disguise of innocent attachments that can record your keystrokes and passwords, thus leaving you completely vulnerable to identity thieves.

As frightening as it may all seem, there are actually ways to avoid these Halloween scams:

  • Be wary to prices or terms that sound too good to be true, researching the event organizer contact details and confirming with them ahead of time, and doing a simple online search to make sure the website matches the name of the event, according to The Better Business Bureau.
  • Pay with a credit card. That way you can dispute the purchase later.
  • Look for secured sites (they will start with an https, with the “s” standing for protection) and make sure there’s a lock on the address bar.
  • Avoid tickets via Craigslist, even if they come with a receipt.
  • Check out legitimate third-party ticket sites and scam ones on
  • Look for user reviews and comments before making any purchases.
  • Use good judgement- if it feels fishy, or if it sounds too good to be true, it probably is.

Sometimes you just have to resist the temptation to go for what seems like a sweet treat as it can turn out to be a cruel trick. Hopefully the situations described in this article will help you be better prepared for this Halloween’s attempted phishing attacks; In the meantime, you can learn how to protect yourself from more types of phishing attacks and ransomware attempts. For protection beyond your better judgement, ZoneAlarm’s free Anti-Phishing Chrome Extension can help. It scans and removes websites before you get a chance to insert your personal information and alerts you if it’s a safe to use or a phishing site. For protection against more types of cyber-attacks, such as having your keystrokes recorded, ransomware, or being infected with advanced viruses and malware, ZoneAlarm’s Extreme Security is recommended, and can be used on up to 10 devices.

Have a safe and happy Halloween!

Get ZoneAlarm Extreme Security 2019

Get it now

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Our Products

ZoneAlarm Extreme Security

Extreme Security

Virus free.
100% Guaranteed.

Learn more
ZoneAlarm Anti Virus

Pro Antivirus & Firewall

Virus and spyware protection.

Learn more
ZoneAlarm Firewall Pro

Pro Firewall

Blocks hackers and intruders

Learn more

Recent Tweets

Trusted by nearly 100 Million users worldwide