🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read More
Scam
8
mins read

Beware the Boogeyman: Protect Yourself from Halloween-Themed Scams

As Halloween approaches, online scams targeting eager celebrants are on the rise. Scammers exploit increased spending on costumes, decorations, and events using fake websites, phishing schemes, and counterfeit products. Tactics include fraudulent costume shops, fake charity events, and phishing links that mimic reputable brands. Protect yourself by verifying websites, sticking to trusted retailers, avoiding unsolicited messages, and reporting scams. Stay vigilant to enjoy a safe and scam-free Halloween season.

CloudSEK TRIAD
October 30, 2024
Green Alert
Last Update posted on
October 30, 2024
Beyond Monitoring: Predictive Digital Risk Protection with CloudSEK

Protect your organization from external threats like data leaks, brand threats, dark web originated threats and more. Schedule a demo today!

Schedule a Demo
Table of Contents
Author(s)
No items found.

Executive Summary

Halloween scams have evolved with digital and social media platforms, allowing scammers to reach wider audiences. During Halloween, people are more likely to engage in online shopping, sign up for events, and share personal information to participate in themed activities. Scammers exploit these habits, creating schemes that prey on the eagerness and increased spending of Halloween celebrators. Understanding these scams is crucial to prevent monetary loss, personal data theft, and other potential risks.

‍

Top Online Scams Emerging During Halloween Celebrations

CloudSEK's Threat Research team has been closely monitoring the surge in online scams leading up to Halloween, identifying the top trending scams that are actively targeting people during this spooky season.

A. Online Costume Scams

  1. Fake Costume Websites: Fraudulent websites often pop up around Halloween, advertising costumes, masks, and accessories at steep discounts. These sites may either send low-quality items or not deliver at all. They often use social media to advertise their “deals,” drawing in customers with eye-catching ads. 

The fraudulent site’s URL is http://spirithalloweenwh[.]com, impersonate the authentic domain, spirithalloween.com. However, it has no affiliation with the legitimate Spirit Halloween brand.

‍

The website below closely resembles the original spirithalloween.com and was recently created on 2024-09-29. It uses Facebook ads to drive traffic to this fraudulent site.

‍

https://spritebabe[.]com

‍

  1. Knockoff Products: Some scammers sell counterfeit costumes that resemble popular characters or brands. These products can be poorly made, do not meet safety standards, or even be hazardous, especially for children who may experience discomfort or allergic reactions.

‍

B. Phishing and Social Engineering Scams

  1. Email Phishing: Scammers send Halloween-themed emails that mimic reputable retailers or services, encouraging recipients to click on links for "spooky discounts" or “special offers.” These links often lead to malicious websites that can steal login credentials or financial information.
  2. Social Media and SMS Phishing: People are frequently targeted on social media or via SMS, where scammers use Halloween offers or giveaways to lure victims. Clicking on these can lead to malware downloads or fake login pages to capture credentials.

C. Event and Ticket Scams

  1. Fake Event Tickets: With the popularity of Halloween events like haunted houses, ghost tours, or themed parties, scammers often sell counterfeit tickets. Victims purchase tickets through unofficial websites or peer-to-peer platforms, only to find out that the tickets are invalid or the event does not exist.
Photo from Singapore Police Force, fake Halloween Horror Nights tickets

‍

  1. Fake Charity Events: Some scammers set up fake Halloween-themed charity events, asking for donations under the pretense of supporting a local cause or charity. They might use flyers, email campaigns, or social media posts to solicit funds, which are then pocketed.

D. Fraudulent Sales of Halloween Decorations

  1. Counterfeit Products: Halloween decorations, especially those in high demand, are frequently counterfeited. These items are advertised as high-quality decorations but may not meet safety standards, leading to electrical hazards or flammability risks.
  2. Non-Deliveries: Some sellers collect payment for popular decorations that are "on sale," only to never deliver the products. Victims end up paying for items that never arrive, and it’s often difficult to reclaim their money.
Fake Telegram channel selling counterfeit Halloween decorations

‍

Telegram channel selling counterfeit Halloween Mask

‍

F. Halloween Airdrop Scams

A Halloween airdrop scam is a type of phishing scam where cybercriminals use fake cryptocurrency or NFT “airdrop” offers, often themed around Halloween, to trick people into giving up their wallet credentials, personal information, or even direct funds. These scams typically aim to exploit the growing popularity of crypto and NFTs, and they leverage the Halloween season to create urgency or excitement for themed digital assets.

Airdrop scams typically follow a familiar pattern, especially during Halloween:

  • Scammers create a fraudulent airdrop website that mimics a legitimate project's site or social media profile. They promote these bogus airdrops on social media, often using fake identities or impersonating well-known figures in the crypto community.
  • Uninformed individuals, eager to claim the promised free tokens, connect their wallets to the counterfeit site. The fake airdrop site may request users to input private keys, seed phrases, or grant unlimited token access.
  • Once users connect their wallets or provide sensitive information, scammers can infiltrate their accounts and drain their funds.
Fake airdrop event announced on telegram themed around Halloween 

‍

Twitter user @CryptoRugMunch warns that the cryptocurrency meme token $HALLOWEEN is likely another scam being promoted by @og99official and @UndisputedCallz. Investors are advised to avoid trading this token, as a rug pull is anticipated soon.

‍

Twitter user @CryptoRugMunch warns about cryptocurrency meme token $HALLOWEEN

‍

E. Poisoned Candy and Treat Scams

While less common, Halloween has a history of rumors involving tampered candy, with some scammers spreading false claims to incite fear. Although rare, there have been instances where dangerous substances are placed in treats. More commonly, however, scammers spread false stories or videos online, creating panic and causing unnecessary fear.

How Halloween Scams Are Conducted

A. Social Engineering Techniques

  1. Urgency Tactics: Scammers frequently create a sense of urgency, pushing people to act quickly without second-guessing. For example, they may advertise “one-time discounts” or “last-minute sales” on Halloween costumes.
  2. Emotional Manipulation: Some scams leverage themes like “child safety” or “support for local charities” to elicit emotional responses and donations from well-meaning individuals.

B. Malware and Phishing Links

Many scams involve links that lead to malicious websites. These phishing attempts are typically disguised as Halloween discount offers, product giveaways, or event announcements. Clicking on these links may result in downloading malware, which can steal personal information or infect the user’s device.

C. Impersonation of Trusted Brands

Scammers often impersonate trusted brands or retailers, creating fake websites that mimic popular shopping sites. They may copy logos, color schemes, and fonts, making it challenging for consumers to identify a scam. Victims who make purchases from these sites often lose their money without receiving the promised goods.

Impact of Halloween Scams

A. Financial Loss

Halloween scams can result in significant financial losses for individuals and families. Fake costume and decoration websites, in particular, target large numbers of people, resulting in collective losses in the thousands or millions.

B. Identity Theft

Many phishing scams aim to capture personal information, including email addresses, passwords, and credit card details. Victims may experience identity theft and the associated long-term financial impacts, including damaged credit and difficulty securing loans or credit cards.

C. Public Health and Safety Risks

Counterfeit costumes, decorations, and poisoned candy scams pose health and safety risks, especially for children. Low-quality or non-compliant costumes may lead to allergic reactions or injuries, while faulty decorations could result in fires.

Prevention Tips

  1. Verify Website Legitimacy: Always check website URLs and look for secure connections (https://). Avoid making purchases from unknown or poorly reviewed sites.
  2. Use Trusted Retailers: Stick to reputable, well-known retailers when purchasing Halloween costumes, decorations, or event tickets. Be cautious of items that seem unusually inexpensive.
  3. Be Skeptical of Unsolicited Messages: Avoid clicking on unsolicited links sent via email, SMS, or social media, even if they appear Halloween-themed. Hover over links to see the destination URL before clicking.
  4. Confirm Charitable Events and Donations: If asked to donate to a Halloween-themed charity, verify its legitimacy by checking the organization’s registration and background. Avoid donating to causes without verifiable details.
  5. Report the Scam: Notify relevant authorities to help prevent additional incidents.
  6. Monitor Your Accounts: Regularly check your bank and credit card statements for any unauthorized charges.
  7. Inform Your Network: Share your experience with friends and family. This can help them stay safe.

Conclusion

Halloween scams are varied and increasingly sophisticated, using seasonal themes to exploit people’s goodwill, excitement, and purchasing behaviors. By remaining vigilant and following preventive measures, individuals can enjoy a safe Halloween free from scam-related incidents. Awareness and education are crucial, as scammers adapt each year to new trends and platforms. Ensuring that one is informed about these risks and knows how to spot suspicious activity is the best way to prevent becoming a victim.‍

References

‍

Author

CloudSEK TRIAD

CloudSEK Threat Research and Information Analytics Division

Predict Cyber threats against your organization

Schedule a Demo
Related Posts
No items found.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

Secure your organisation with our Award winning Products

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

CloudSEK XVigil

Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.

Learn more about XVigil
CloudSEK SVigil

Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.

Learn more about SVigil
CloudSEK SVigil

Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.

Learn more about BeVigil Ent
CloudSEK BeVigil

Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.

Learn more about BeVigil
Scam

8

min read

Beware the Boogeyman: Protect Yourself from Halloween-Themed Scams

As Halloween approaches, online scams targeting eager celebrants are on the rise. Scammers exploit increased spending on costumes, decorations, and events using fake websites, phishing schemes, and counterfeit products. Tactics include fraudulent costume shops, fake charity events, and phishing links that mimic reputable brands. Protect yourself by verifying websites, sticking to trusted retailers, avoiding unsolicited messages, and reporting scams. Stay vigilant to enjoy a safe and scam-free Halloween season.

Authors
CloudSEK TRIAD
CloudSEK Threat Research and Information Analytics Division
Co-Authors
No items found.

Executive Summary

Halloween scams have evolved with digital and social media platforms, allowing scammers to reach wider audiences. During Halloween, people are more likely to engage in online shopping, sign up for events, and share personal information to participate in themed activities. Scammers exploit these habits, creating schemes that prey on the eagerness and increased spending of Halloween celebrators. Understanding these scams is crucial to prevent monetary loss, personal data theft, and other potential risks.

‍

Top Online Scams Emerging During Halloween Celebrations

CloudSEK's Threat Research team has been closely monitoring the surge in online scams leading up to Halloween, identifying the top trending scams that are actively targeting people during this spooky season.

A. Online Costume Scams

  1. Fake Costume Websites: Fraudulent websites often pop up around Halloween, advertising costumes, masks, and accessories at steep discounts. These sites may either send low-quality items or not deliver at all. They often use social media to advertise their “deals,” drawing in customers with eye-catching ads. 

The fraudulent site’s URL is http://spirithalloweenwh[.]com, impersonate the authentic domain, spirithalloween.com. However, it has no affiliation with the legitimate Spirit Halloween brand.

‍

The website below closely resembles the original spirithalloween.com and was recently created on 2024-09-29. It uses Facebook ads to drive traffic to this fraudulent site.

‍

https://spritebabe[.]com

‍

  1. Knockoff Products: Some scammers sell counterfeit costumes that resemble popular characters or brands. These products can be poorly made, do not meet safety standards, or even be hazardous, especially for children who may experience discomfort or allergic reactions.

‍

B. Phishing and Social Engineering Scams

  1. Email Phishing: Scammers send Halloween-themed emails that mimic reputable retailers or services, encouraging recipients to click on links for "spooky discounts" or “special offers.” These links often lead to malicious websites that can steal login credentials or financial information.
  2. Social Media and SMS Phishing: People are frequently targeted on social media or via SMS, where scammers use Halloween offers or giveaways to lure victims. Clicking on these can lead to malware downloads or fake login pages to capture credentials.

C. Event and Ticket Scams

  1. Fake Event Tickets: With the popularity of Halloween events like haunted houses, ghost tours, or themed parties, scammers often sell counterfeit tickets. Victims purchase tickets through unofficial websites or peer-to-peer platforms, only to find out that the tickets are invalid or the event does not exist.
Photo from Singapore Police Force, fake Halloween Horror Nights tickets

‍

  1. Fake Charity Events: Some scammers set up fake Halloween-themed charity events, asking for donations under the pretense of supporting a local cause or charity. They might use flyers, email campaigns, or social media posts to solicit funds, which are then pocketed.

D. Fraudulent Sales of Halloween Decorations

  1. Counterfeit Products: Halloween decorations, especially those in high demand, are frequently counterfeited. These items are advertised as high-quality decorations but may not meet safety standards, leading to electrical hazards or flammability risks.
  2. Non-Deliveries: Some sellers collect payment for popular decorations that are "on sale," only to never deliver the products. Victims end up paying for items that never arrive, and it’s often difficult to reclaim their money.
Fake Telegram channel selling counterfeit Halloween decorations

‍

Telegram channel selling counterfeit Halloween Mask

‍

F. Halloween Airdrop Scams

A Halloween airdrop scam is a type of phishing scam where cybercriminals use fake cryptocurrency or NFT “airdrop” offers, often themed around Halloween, to trick people into giving up their wallet credentials, personal information, or even direct funds. These scams typically aim to exploit the growing popularity of crypto and NFTs, and they leverage the Halloween season to create urgency or excitement for themed digital assets.

Airdrop scams typically follow a familiar pattern, especially during Halloween:

  • Scammers create a fraudulent airdrop website that mimics a legitimate project's site or social media profile. They promote these bogus airdrops on social media, often using fake identities or impersonating well-known figures in the crypto community.
  • Uninformed individuals, eager to claim the promised free tokens, connect their wallets to the counterfeit site. The fake airdrop site may request users to input private keys, seed phrases, or grant unlimited token access.
  • Once users connect their wallets or provide sensitive information, scammers can infiltrate their accounts and drain their funds.
Fake airdrop event announced on telegram themed around Halloween 

‍

Twitter user @CryptoRugMunch warns that the cryptocurrency meme token $HALLOWEEN is likely another scam being promoted by @og99official and @UndisputedCallz. Investors are advised to avoid trading this token, as a rug pull is anticipated soon.

‍

Twitter user @CryptoRugMunch warns about cryptocurrency meme token $HALLOWEEN

‍

E. Poisoned Candy and Treat Scams

While less common, Halloween has a history of rumors involving tampered candy, with some scammers spreading false claims to incite fear. Although rare, there have been instances where dangerous substances are placed in treats. More commonly, however, scammers spread false stories or videos online, creating panic and causing unnecessary fear.

How Halloween Scams Are Conducted

A. Social Engineering Techniques

  1. Urgency Tactics: Scammers frequently create a sense of urgency, pushing people to act quickly without second-guessing. For example, they may advertise “one-time discounts” or “last-minute sales” on Halloween costumes.
  2. Emotional Manipulation: Some scams leverage themes like “child safety” or “support for local charities” to elicit emotional responses and donations from well-meaning individuals.

B. Malware and Phishing Links

Many scams involve links that lead to malicious websites. These phishing attempts are typically disguised as Halloween discount offers, product giveaways, or event announcements. Clicking on these links may result in downloading malware, which can steal personal information or infect the user’s device.

C. Impersonation of Trusted Brands

Scammers often impersonate trusted brands or retailers, creating fake websites that mimic popular shopping sites. They may copy logos, color schemes, and fonts, making it challenging for consumers to identify a scam. Victims who make purchases from these sites often lose their money without receiving the promised goods.

Impact of Halloween Scams

A. Financial Loss

Halloween scams can result in significant financial losses for individuals and families. Fake costume and decoration websites, in particular, target large numbers of people, resulting in collective losses in the thousands or millions.

B. Identity Theft

Many phishing scams aim to capture personal information, including email addresses, passwords, and credit card details. Victims may experience identity theft and the associated long-term financial impacts, including damaged credit and difficulty securing loans or credit cards.

C. Public Health and Safety Risks

Counterfeit costumes, decorations, and poisoned candy scams pose health and safety risks, especially for children. Low-quality or non-compliant costumes may lead to allergic reactions or injuries, while faulty decorations could result in fires.

Prevention Tips

  1. Verify Website Legitimacy: Always check website URLs and look for secure connections (https://). Avoid making purchases from unknown or poorly reviewed sites.
  2. Use Trusted Retailers: Stick to reputable, well-known retailers when purchasing Halloween costumes, decorations, or event tickets. Be cautious of items that seem unusually inexpensive.
  3. Be Skeptical of Unsolicited Messages: Avoid clicking on unsolicited links sent via email, SMS, or social media, even if they appear Halloween-themed. Hover over links to see the destination URL before clicking.
  4. Confirm Charitable Events and Donations: If asked to donate to a Halloween-themed charity, verify its legitimacy by checking the organization’s registration and background. Avoid donating to causes without verifiable details.
  5. Report the Scam: Notify relevant authorities to help prevent additional incidents.
  6. Monitor Your Accounts: Regularly check your bank and credit card statements for any unauthorized charges.
  7. Inform Your Network: Share your experience with friends and family. This can help them stay safe.

Conclusion

Halloween scams are varied and increasingly sophisticated, using seasonal themes to exploit people’s goodwill, excitement, and purchasing behaviors. By remaining vigilant and following preventive measures, individuals can enjoy a safe Halloween free from scam-related incidents. Awareness and education are crucial, as scammers adapt each year to new trends and platforms. Ensuring that one is informed about these risks and knows how to spot suspicious activity is the best way to prevent becoming a victim.‍

References

‍