I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proof reader who spoke fluent English. David Harley has mused here about the oh-so-close-to-English-sounding scams which – through unfortunate translation – take on surly or just plain weird connotations. Apparently, Google translate only goes so far.
A perennial favorite for scammers is the targeted holiday. Now Halloween isn’t as popular among shoppers as Christmas, but any occasion to launch an event-driven target scam will be exploited, as we’ve seen in the Black Hat Search Engine Optimization (BHSEO) surrounding Ghaddafi’s demise. So what can we expect this season?
Top of the heap is Phishing scams with special offers that expire by Halloween. Not just scam software, but offers to “click here to receive a coupon to redeem at your local Wal-Mart” and variations on the Groupon vibe that’s become popular recently. Of course, clicking the “unsubscribe” link at the bottom of the email only confirms you as a target, sort of a read receipt for scammers. Also, be on the lookout for fake Facebook notifications asking you visit/join/comment on Halloween related material. For instance, a scammer might ask you to join a “Wal-Mart half-off for Halloween promotional group” or some variation. When you click on the link, you’re spirited away to a fake site which harvests your username/password, and now the scammers have access to your account.
Of course there’s always the old-fashioned physical threat. After all, there are people walking around dressed in disguises and carrying bags, presumably half-full of candy. It would be easy to imagine a would-be thief getting a good look around at what you have with a mind for future theft – maybe peering in through your front door and noticing the style of locks installed. A cheap costume would be a good way to ensure you don’t recognize them during future endeavors, and a bag could carry a multitude of tools of the trade.
Of course, the scariest scam of all is David Harley dressed as the Grim Reaper, but his belly-level guffaw is an awful maniacal laugh – alas, the demise of the ruse.
Footnote: Practical tips on avoiding phishing-style scams are available from both the FTC and the APWG:
Author Cameron Camp, ESET