What’s the Phishing Scam Equivalent of Your Favorite Halloween Costume?

It’s the spookiest time of the year again, where the young and young at heart alike get all dressed up in the wackiest and wildest costumes they can dream up[...]
By Daniella Balaban
image October 28, 2021 image 4 MIN READ

It’s the spookiest time of the year again, where the young and young at heart alike get all dressed up in the wackiest and wildest costumes they can dream up. This year, we’re highlighting a round-up of five kinds of Halloween costumes that you might see on the streets, and comparing them to five much more frightening realities – types of phishing scams!

Consider these while you’re stocking up on fun-size candy bars this year, as the kinds of spooky visitors that we’re afraid of don’t offer treats with their tricks!

1. The “on trend”

security awareness trainingWhether it’s the latest Netflix sensation, something eye-wateringly political, or an item from the news, you’re always bound to see costumes that will spring into fashion for one year only, and then never be seen again. This year, we’re expecting an overload of hot pink Squid Game imitations, awesome Simone Biles costumes, and probably the odd Trump wig leftover from last year.

Cyber attackers also keep their eyes on the news, looking for the “Latest Big Thing” that they can capitalize on. When something hits a hot topic, it’s much more likely to get your attention, so keep your eyes peeled for topical headlines in your inbox, whether that’s Black Friday offers that seem too good to be true, or coronavirus-related scare tactics.

2. The “old faithful”

On the other side of the scale, some costumes just never get old. These kinds of outfits can be spotted year after year, and will be on sale in shops even out of season, covering all the usual favorites such as superheroes, animals, and scary regulars like witches, zombies, and vampires! There’s a reason why it’s worth investing in a good pair of cat ears, that cute little nurse outfit, or an all-in-one King Kong, and that’s because (while they won’t be going viral anytime soon) they get the job done.

The same is true for phishing scams. Not every phishing scam is super clever – in fact, many are surprisingly obvious. But when attackers send them at scale, they aren’t looking to impress everyone or even do anything shockingly intelligent. They just want to get a small percentage to be distracted enough to click. And year after year, just like the costumes, these scams also hit their mark.

3. The “scariest of them all”

Phishing ScamWe know it’s Halloween, (and if you can’t scare the pants off people during Halloween, when can you?) but some of today’s scariest costumes are a far cry from the plastic vampire teeth and paper masks of our childhoods! Gone are the days where you could cut eye holes in a sheet and call yourself a ghost. Look outside your window this All Hallows’ Eve and you’ll see small children with axes embedded in their skulls, terrifyingly creepy clowns, and truly realistic zombies that will have even the bravest amongst us struggling to fall asleep at night!  

Halloween-enthusiasts aren’t the only ones trying to scare us out of our skin. Attackers realize that when we’re scared, we don’t make great decisions. In fact, we are more likely to act quickly, rashly, and without giving a situation its due consideration. That’s why phishing scams are likely to include an element of urgency or fear, such as “X person is in trouble and desperately needs help” or “Warning: your account is at risk.” Whenever an email is telling you to act quickly, let this be a signal for you to stop and think. 

4. The “red carpet appeal”

As many scary costumes as you see, you’re bound to find plenty that look to dazzle instead of frighten. Feather boas, glittery dresses and waistcoats, entrancing make-up, and more – these are meant to pull the eye away from the rest of the crowd, and get you pointing out the glitz and glam to your friends and neighbors.

While people might run from what scares them, they run towards what appeals! This is exactly why many phishing scams use the psychology of attraction rather than fear, such as once-in-a-lifetime offers, free gifts, holiday vouchers, and even cold hard cash. The chances are, if it seems too good to be true it’s just as fake as the costumes. If you fall for these particular charms, the next day you’ll be regretting more than just the pumpkin spice punch!

5. The “double take”

security awareness trainingEver see such a good costume it makes you wonder whether the person in question is even dressed up? If you walked by that police officer or firefighter on October 30th, you’d never stop to wonder if their uniform was real! And hey, that guy really is a dead ringer for Justin Bieber… In fact, should you ask for an autograph, just in case?

People often wrongly assume that a phishing scam will be obvious, and as long as you check the URL seems legit, and look out for typos and grammatical errors – you can’t fall victim to a scam. As hackers become increasingly persistent, organizations need to prepare themselves for the unexpected. The only way to stay safe is to ensure training is repeated regularly and often, triggering employees by exposing them to a large variety of both old and new tricks, and obtaining feedback that is accurate and timely to allow you to reduce your employee risk landscape.

This Halloween, if you’re hoping the expression “OMG this is terrifying!” can be kept firmly out of the IT department, reach out to talk about security awareness training for your employees!

4a34e52d-562b-4e1e-8b71-5c005a7559a9