Crooks are Sending Halloween-Themed Phishing Emails

Stu Sjouwerman | Oct 29, 2024

Depositphotos_269773544_SHalloween-themed spam and phishing emails have surged over the past two months, with a significant increase beginning in October, according to researchers at Bitdefender.

“Bitdefender’s telemetry indicates a sharp rise in Halloween-themed spam throughout September and October,” the researchers write.

“However, Halloween-themed spam rose 18% percentage points between 1-16 October 2024, compared to the entire month of September. This spike mirrors the shopping frenzy and anticipation leading up to Halloween, with cybercriminals aiming to exploit consumers in search of deals, costumes, and party supplies.”

Around 40% of these spam emails are malicious, attempting to trick users into installing malware, handing over login credentials, or sending money for phony purchases.

“These messages often take the form of phishing emails, many disguised as giveaways and goodie baskets from well-known retailers,” the researchers write. “Once users engage with these emails, they’re often led to fraudulent websites that harvest personal information and money.

A couple of scam campaigns on this topic appeared as early as late August, possibly because fraudsters were trying to prey on conscientious shoppers who like to get their seasonal décor and Halloween gear in advance. These early iterations serve as a great depiction of a typical Halloween-themed scam website.

The pages are often filled with eerie-themed visuals and enticing promises of last-minute costume deals, decorations, and party supplies, preying on early planners who are eager to cross Halloween shopping off their lists.”

Bitdefender offers the following recommendations to help users avoid falling for these scams:

  • “Double-check URLs: If an email promises a Halloween deal, hover over any links before clicking to ensure they direct you to a legitimate website
  • Beware of unsolicited attachments: Halloween-themed e-cards may seem fun, but they can carry malware
  • Look for red flags: Poor grammar, suspicious-looking domains, and urgent language are common in spam emails”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

 

Bitdefender has the story.

Uncover Technical Blind Spots and Exfiltration Risks with Free BreachSim

Data exfiltration is a critical target for cybercriminals, yet most organizations fail to detect breaches internally. Run our 100% harmless BreachSim tool on Windows 10+ workstations to safely simulate over 12 realistic data exfiltration scenarios following the MITRE ATT&CK framework, pinpoint your infrastructure’s weaknesses, and get actionable results in minutes.

Launch Your Free Breach Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.