Back in the good ol’ days of Halloween, you only had to worry about your house getting egged or your big brother stealing the good candy. Halloween tricks have moved online, and as with any significant event or holiday, this spooky celebration brings an increase in malware. Cyber ghouls pull out their bag of tricks – rogue apps, scams, and email attachments, to name a few classics – all to get unsuspecting people to click on a link so that their credentials can be stolen.
Here are a few tricks to be aware of:
Bad video links and rogue apps
In the weeks before Halloween, searches for holiday-related items like costumes and pumpkin carving increase. This example of a search for “Halloween costume make your own” came from Glen Newton of Wired’s Innovation Insights. He wrote,
The website that came up at the top of the list has a link to a video that promises to show you how to make one for under $15 in materials, requiring only basic sewing skills – just what you were looking for. You click, and there it is, but the video doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click.
You can guess what happens next. No, someone in a Ghostface is not looking in your window. Rather, when you click to download, a warning pops up that your PC is infected with multiple instances of malware. But don’t you already have virus protection? You immediately assume that it’s not working, plus you remember that you haven’t backed up your files in months (cue the Psycho music). Panic ensues.
The scan window…show(s) you third-party software that can remove the malware… Fortunately, it’s not a budget breaker: $39.95 for a year’s license. The web page includes graphics that show several certifications with which you’re unfamiliar, so you figure it must be safe.
Instead of finding out how to make a costume, you end up selling your soul to the devil. Well, not quite that bad – but you give personal information and your credit card number to buy a malware removal program. After the purchase is made, you still can’t access the video. Meanwhile, the personal information and credit card data you gave away is being sold to the highest bidder on underground crime webs, and your real antivirus has been disabled and replaced by malware that the crooks can use to control your computer. Talk about a Nightmare on Elm Street…
Read the whole article from Wired.
AVAST Tip: Only visit websites that are established and reputable, and keep your antivirus software updated. (And remember, vampires can only enter your house if you invite them!)
Some old-fashioned tricks that have made the jump from darkened parlors to cyberspace are virtual voodoo dolls, fortune-telling, psychic readings, and spell casting. There are good and respectable “intuitive consultants” (as some psychics prefer to be called) who are able to help others. For every good one, there are plenty who con people only to get their money.
A typical M.O. of scammers is to use multiple sites with similar content. So if you see a site for Voodoo Queen Mumbo Gumbo offering a “buy one spell, get one free” deal, and you see 12 others with similar content, then forget about it.
“It’s a new twist on an old idea,” said Nicholas Little, legal director of the Center for Inquiry, to the Toronto Sun yesterday. “It’s easy to hide your identity on the Internet, so people are willing to try scams online that they would never be willing to try in person.”
AVAST Tip: Never pay for a service or product that you are not sure of or you do not want. (A money-back guarantee for spell casting is not a good sign!)
Tricks and tactics are also moving from PC to mobile. For example, phishing attempts that used to come via email may now show up as a text message, and compared with desktop users, mobile users are three times more likely to submit private information once they access a phishing website. The result is the same – your personal information will be at risk.
For example, PayPal has recently been used by cybercrooks in a phishing scam. These emails or texts ask for your username and password, but you are not logging into your PayPal account. You just handed over your credentials to cybercrooks.
AVAST Tip: Never reveal personal information in response to a solicitation. (Handle eye of newt, toe of frog, wool of bat, and tongue of dog with care.)
Social media scams
Social media sites like Facebook and Twitter are notorious for spreading fake Halloween gift cards, e-cards, and links to bogus games or phony video clips. Just as in the examples above, once you click, your computer can get infected and cybercrooks will have access to your personal information. At the very least, your account can be hijacked and used to spread the scheme. Since your friends and family think the message is from a trustworthy source, they open the link, spreading the attack further.
Eduard Kovacs, on the Softpedia blog, warns about several freebies and giveaways related to Halloween.
On YouTube…scammers have set up videos entitled something like “Get Free $1,000 Visa Gift Card for Halloween Customers GIVEAWAY.” The links from the video’s description take users to a scam site that instructs them to hand over their personal information, and take part in all sorts of shady surveys in order to win prizes.
On Twitter, scammers are promising “FREE Halloween Candy.” On Facebook, users are lured to scam websites with advertisements that read “Prepare for a spooky Halloween with a free candy bundle!”
AVAST Tip: Avoid clicking on free offers if they sound too good to be true. If you see one of these messages from your friend, please ask them to delete the spam. (If your best friend suddenly grows fangs, gets really hairy and tries to eat you, he might be a werewolf. Run.)
Don’t let down your guard
Buckle up, guys, you haven’t seen anything yet. Just wait until next month’s Black Friday and Cyber Monday!