Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Don’t Let Halloween Haunt You

Created: 18 Oct 2010 13:03:39 GMT • Updated: 23 Jan 2014 18:24:26 GMT • Translations available: 日本語
Samir_Patil's picture
+1 1 Vote
Login to vote

Halloween is drawing near, so the spammers are busy laying out bait in the form of Halloween jackpots, sweepstakes, gift cards, e-cards, personalized gifts, online contests, and even print products and costumes. Perhaps this is one of those seasons during which people—both young and old—celebrate with full gusto. Unfortunately, this type of popular event brings with it a whole host of malicious circumstances on the Internet that people are being enticed to fall for. For it is common knowledge that where people show some vulnerability, spammers are not far behind!

Below are some of the subject lines being used in the latest spam messages:

Subject:”xxxxx” Halloween Series Campaign Vol1
Subject: Halloween Treat Bags, Home Decorations, and More
Subject: Open this! $1 Million Prize
Subject: Halloween Special! Up to 85% off ink and toner
Subject: Halloween E-card - no cost
Subject: Low Price Sexy Halloween Costumes SALE !!! Free Shipping , Free Gift

Let’s discuss a related spam sample. Below are a couple of subject headers that will help you to identify this particular genre of spam. It is known as “make money fast” (MMF) spam:

Subject: Open this! $1 Million Prize
Subject: Win millions this Halloween!!!

When the link provided in the associated message body is clicked, the user is directed to a signup page that harvests users’ email addresses. It goes on to ask the user to disclose sensitive personal information. If the user carefully reads the information given at the bottom of the email, he/she will realize that the spammer has tried to camouflage this attack by saying that an advertising agency is trying “to provide end users with an opportunity to apply for their product,” but that’s a BIG FAT LIE. If the user looks carefully at the URL, he/she will recognize that the URL mentioned in the message is spoofed. Below are some snapshots of this spam:
 


 

Woe to the person who is lured into giving up their email address, for they will be swamped by loads of spam! Don’t let Halloween haunt you for the rest of the year. Play safe, because there is no Santa on the Web distributing freebies!

Symantec advises users to update their anti-spam signatures regularly to avoid having their personal information compromised.

Note: Thanks to Christopher Mendes for his contributions to this blog.