Halloween is around the corner, and you know what that means – scary customs, scary movies, scary decorations, and, unfortunately, scary cyberattacks. This holiday seems to cause sneaky cyber criminals to rise up from the dead and initiate all kinds of cyberattacks, phishing in particular. Phishing is fraudulent attempt by cyber criminals to collect sensitive information online by pretending to be a trustworthy company or person. Since last year alone, phishing attempts have risen by a scary 40.9%, with 1.5 million new phishing websites being created each month. These attacks cause way too many people to fall victim to pranks that seem completely innocent, but end up costing them a fortune, and what better time to evoke a little fear and phish for goods than on Halloween?
Here are some of the common Halloween phishing tricks to avoid:
1. Buying tickets to fake Halloween events
Halloween parties are some of the best ones all year. For one night you get to be somebody else, surrounded by festive and creative individuals who are also embodying their alter-ego and looking for a fun night to celebrate it. But they’re not the only imposters around looking for a good time. Hackers take advantage of the demand for parties and the secrecy in the air by advertising bogus events on the web and through social media channels. These events typically don’t provide pertinent details such as a venue or contact information to the event organizers. They also use similar names to popular events, tricking the customer into thinking they’re going to that specific event. The creators of these bogus sites will use phishing methods to have you enter your personal information (such as PayPal account or credit card information) which will ultimately be kept by them to defraud you in the future. They can also send you a ticket download link which can contain malicious Trojans intended to allow hackers to take over the user’s system and to be the only ones celebrating this Halloween. Sounds scary? We’re only getting started.
2. Clicking on ads for bogus discounted Halloween costumes
What is Halloween without a super cool costume? With the rise of internet shopping, going to the Halloween store in your neighborhood has become a thing of the past. Online, you have more options, better options, maybe even cheaper options, and instead of the messy and lengthy experience you have at the Halloween brick and mortar store, you can simply and easily get your costume and merchandise delivered to your door step. But if you wait until the last minute to pick your costume (like most of us do), you will notice how popular sites that are usually filled with great options all year long tend to run out of the ‘good’ costumes or sizes when the big day comes near. So, desperately, when an email or a popup showcasing an unknown Halloween online store with all the cool costumes and decorations you cannot find elsewhere, you’re inclined to give it a look. But these unknown sites may pose a real risk to users, attempting to take advantage of their urgency to buy a costume in order to steal their personal information. Unfortunately, the victims of these attacks are going to have to repeat last year’s look, as their costumes aren’t planning on arriving anytime soon.
3. Getting sweet offers through social media messages
Friend requests from unknown people and messages from actual
friends on social media telling you you’ve won money in a Halloween sweepstake
or attaching a link to a Halloween website or event may seem innocent, but
these messages may be in fact leading you to malicious phishing sites, without
the sender’s awareness. With social media, it gets easier to steal your
information since the user already knows so much about you, such as your name,
location, and possibly phone number. Besides phishing messages, they can also
send you malware in disguise of innocent attachments that can record your
keystrokes and passwords, thus leaving you completely vulnerable to identity
As frightening as it may all seem, there are
actually ways to avoid these Halloween scams:
- Be wary to prices or
terms that sound too good to be true, researching the event organizer contact
details and confirming with them ahead of time, and doing a simple online
search to make sure the website matches the name of the event, according to The
Better Business Bureau.
- Pay with a credit
card. That way you can dispute the purchase later.
- Look for secured
sites (they will start with an https, with the “s” standing for protection) and
make sure there’s a lock on the address bar.
- Avoid tickets via
Craigslist, even if they come with a receipt.
- Check out legitimate
third-party ticket sites and scam ones on bbb.org.
- Look for user reviews
and comments before making any purchases.
- Use good judgement-
if it feels fishy, or if it sounds too good to be true, it probably is.
Sometimes you just have to resist the temptation to go for what seems like a sweet treat as it can turn out to be a cruel trick. Hopefully the situations described in this article will help you be better prepared for this Halloween’s attempted phishing attacks; In the meantime, you can learn how to protect yourself from more types of phishing attacks and ransomware attempts. For protection beyond your better judgement, ZoneAlarm’s free Anti-Phishing Chrome Extension can help. It scans and removes websites before you get a chance to insert your personal information and alerts you if it’s a safe to use or a phishing site. For protection against more types of cyber-attacks, such as having your keystrokes recorded, ransomware, or being infected with advanced viruses and malware, ZoneAlarm’s Extreme Security is recommended, and can be used on up to 10 devices.
Have a safe and happy Halloween!