In last month’s State of Spam report, Symantec discussed the early signs of holiday spam that contained messages related to Halloween and Christmas. In September, researchers at Symantec intercepted multiple attempts by spammers to hijack the subject of Halloween festivities in an attempt at grabbing personal information from email users, as well as selling online meds. In product promo spam related to Halloween, spammers are offering free gift cards of various denominations towards the purchase of products. Various online surveys are also offered, which claim to give out gift cards with participation. Clicking on these offers takes users to a website where wide a range of their personal information—including email address, postal address, and phone number—is gathered. Below are various subject lines used in promo messages: Subject: Which kind of <removed> do you prefer? Subject: Get your Halloween treats early from <removed> Subject: Halloween Theme Park survey and receive $500 Subject: Go on a $500 Halloween shopping spree Subject: Your $500 Halloween shopping spree Subject: Annual Halloween Sale Subject: Get a 120 Ct Bag of Brand Name Halloween Candy - On Us! In other spam samples, subject lines related to Halloween are being used in an attempt to sell health-related products. The URLs provided in the messages lead users to open an online pharmacy store. Subject lines used in health spam are as follows: Subject: Hurry for Halloween sale Subject: 80% cut on Halloween Subject: Halloween great offers Subject: Halloween sales Subject: Biggest deal this halloween Subject: Halloween discount This is not the first time that spammers have used holidays or festivals for pushing promotional emails into a user’s inbox. Earlier we observed product promos selling replicas, pills, jewelry, or spreading malware through e-cards for various occasions such as Valentine’s Day, Christmas, or New Year’s Eve. Since there are still a few weeks to go until Halloween, closely followed by the larger holiday seasons, spammers will certainly attempt to push various offers into users’ inboxes. Users are advised to ignore any unsolicited and unexpected emails originating from an unknown source to avoid personal information being jeopardized. For now, we are closely monitoring attacks targeting upcoming holiday seasons.