Halloween is a focus for many hackers when they wish to launch new cyberattacks and scams to fool internet users into revealing their personal data. They aim to drain a personal or business bank account of data and then reap the rewards that can be gained from identity theft. Halloween-Themed spam attacks are typical in the run up to Halloween.

For SpamTitan, Halloween is a busy time with many new Halloween-themed spam and phishing scams identified. This holiday time is expected to be no different. Many new Halloween phishing scams can be expected to be kicked off this year as cybercriminals try to take advantage of the unprepared.

The focus of all of these spam emails is to get users to hand over their personal information, such as account login details and credit card details. Often the emails deliver malware and viruses to inboxes, other times they share links to phishing websites that harvest information. It is not always credit card details that the hackers seek. Social Security numbers, dates of birth and other personal data are highly valuable; as are telephone numbers which can be used by scammers to carry out bogus phone calls.

You could be thinking “I would never fall for a phishing campaign,” but millions do. Can you be so sure that your employees will be able to identify a fake email or website, or a sophisticated phishing campaign? Will they be able to identify these scams 100% of the time?

Even if one email turns out to be successful, the damage caused can be massive, as Sean Doherty, senior engineer with SpamTitan Technologies outlines. “To date it is estimated that over $40 billion has been lost to 419 scams alone.”

Given the massive sums of cash that criminals can obtain from these emails, it is clear why the threat is growing and more and more campaigns are initiated every year. If a scheme is profitable, it will be repeated and new campaigns are sure to be developed.

If criminals did not gain from these types of scams, they would very quickly stop using them. However, the reality is they do, as Doherty remarks: “These scam emails continue to exist and grow in frequency and ferocity. The simple fact is that these scams wouldn’t be repeated if they didn’t reap rewards for the cybercriminals.”

All that it needs is for an absent minded employee to visit on a Twitter link that directs them to a phishing website, and malware can be automatically installed to their computer. Following that, a network can be infiltrated. Data is then stolen, deleted, or encrypted and only released when a ransom is met. The cost of cyber attack resolution can be huge. If all of your company data was suddenly encrypted, would you meet a ransom demand to get it back? Would you have any other option?

Remain on the lookout for scams, phishing campaigns, and unknown email attachments, and ensure all of your security software is up to date.