
Trick or Treat: Bitdefender Labs Uncovers Halloween Scams Flooding Inboxes and Feeds

Alina BÎZGĂ

October 23, 2025


Every October, inboxes and social feeds light up with haunted discounts, candy giveaways, and spooky deals. But behind the pumpkins and promise of free treats, cybercriminals are hard at work.

One Theme, Many Traps: Scams Across Every Channel

Halloween-themed scams aren’t confined to a single channel or audience. Bitdefender Labs’ research shows that cybercriminals blend multiple fraud tactics into one seasonal wave, casting a wide net that targets nearly every type of internet user.

In this year’s campaigns, scammers didn’t stick to one formula. They mixed fake retail sales, cryptocurrency bonuses, brand giveaways, and even dating lures — all wrapped in Halloween imagery designed to catch attention.

Between September 15 and October 15, 2025, Bitdefender Labs researchers detected a global surge in Halloween-themed phishing and scam campaigns — from inbox-baiting emails to sponsored social media ads distributing malware.

Here’s what they found.

Email Scams: When “Free Treats” Come with a Trick

Bitdefender Antispam Lab flagged emails designed to mimic brands like Walmart, Amazon, and Home Depot, promising free candy boxes, skeleton decorations, or costumes.

At first glance, they look legitimate, but these messages lead straight to phishing pages and scam websites. According to Bitdefender telemetry:

  • 37% of Halloween-themed spam was benign marketing lures.
  • 63% were outright phishing or scams designed to steal credentials or money.

Who’s Getting Spooked the Most?

Our data shows that the United States received 73% of all Halloween-themed spam, followed by Germany (13%) and Ireland (6%). Smaller volumes reached the UK, Romania, Australia, Italy, Canada, and France.

On the sending side, 67% of all Halloween spam originated from servers in the United States, with Germany, Singapore, Latvia, and the Netherlands trailing behind.

 

  • Claim Your Free Walmart Halloween Candy Pack
  • Your Halloween Treat Upgrade Is Ready
  • Home Depot Giveaway – Spooky Giant Skelly
  • Today Only: Free Giant Skelly
  • Claim Your Free Metal Ghost Cow from Walmart
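  • Exklusive Amazon-Prämie (German: “Exclusive Amazon reward”)
  • Ihre Chance, ein brandneues Halloweenkostüm zu kreieren! (German: “Your chance to create a brand-new Halloween costume!”)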
  • Receive a Free Halloween Candy Variety Pack
  • Halloween Fun Starts with This Gift
  • Walmart Giveaway – Haunted Ghost Cow

These attention-grabbing subject lines use the promise of free items, limited-time offers, or exclusive gifts to entice recipients to open emails and click on malicious links. Many impersonate well-known brands to gain credibility and exploit seasonal excitement.
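The brand-plus-giveaway pattern in these subject lines can be checked against the sender's domain. The following is an added example, not Bitdefender's detection logic; the brand domain list, the lure word list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: legitimate sending domains for the brands named in the report.
BRAND_DOMAINS = {
    "walmart": {"walmart.com"},
    "amazon": {"amazon.com", "amazon.de"},
    "home depot": {"homedepot.com"},
}
# Lure words drawn from the subject lines listed above (English and German).
LURE = re.compile(r"\b(free|giveaway|claim|gift|today only|prämie|chance)\b", re.I)

# Constructed sample messages; the sender addresses are made up.
SAMPLES = [
    "From: Walmart Rewards <promo@treat-pack.example>\n"
    "Subject: Claim Your Free Walmart Halloween Candy Pack\n\nbody",
    "From: Home Depot <deals@homedepot.com.skelly-gift.example>\n"
    "Subject: Home Depot Giveaway - Spooky Giant Skelly\n\nbody",
    "From: Amazon <order-update@amazon.com>\nSubject: Your order has shipped\n\nbody",
]


def is_aligned(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def classify(raw):
    """Return (verdict, reason) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = str(msg.get("Subject", ""))
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    text = f"{subject} {display}".lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in text and not is_aligned(domain, allowed):
            # Brand named by a foreign sender: block if a giveaway lure is present.
            verdict = "block" if LURE.search(subject) else "review"
            return verdict, f"{brand} named, sent from {domain or 'unknown sender'}"
    return "pass", "no brand/sender mismatch"


if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

The From header is trivially spoofed, so in a mail pipeline this check complements SPF, DKIM and DMARC results rather than replacing them.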

The Scams Behind the Subject Lines

  • Walmart Candy Pack Scam: Victims are told they’ve won a “Halloween Variety Pack.” Clicking the link redirects to a fake page that collects personal and payment information.
  • Amazon Costume Survey: Fake surveys promise “exclusive Halloween discounts” or “free costumes.” The real goal is to steal Amazon logins and linked payment credentials.
  • Home Depot “Giant Skelly” Giveaway: Offers a 12-foot skeleton decoration, a real viral product, to trick users into completing bogus surveys and making shipping payments.
  • Walmart “Metal Ghost Cow”: Includes hidden text about “photosynthesis” — a classic spam evasion technique meant to fool filters — while directing recipients to scam sites.
  • “Spook-tacular Singles” Dating Spam: Uses Halloween imagery and fake profiles to lure users into subscription traps.
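Hidden filler of the kind described for the “Metal Ghost Cow” emails can be surfaced by comparing what a reader sees with what a filter parses. This is an added example, not Bitdefender's code; the report does not say how the text was hidden, so the inline-CSS patterns and the sample HTML body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: inline-CSS patterns commonly used to hide text from the reader.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(px|pt|em)?\s*(;|$)|opacity\s*:\s*0(\.0+)?\s*(;|$)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

# Constructed sample body: a visible lure plus hidden off-topic filler.
SAMPLE = (
    "<html><body><p>Claim Your Free Metal Ghost Cow from Walmart</p>"
    '<a href="https://example.invalid/claim">Claim now</a>'
    '<div style="display:none">Photosynthesis converts light energy into chemical '
    "energy stored in glucose <span>inside plant chloroplasts</span></div>"
    '<p style="font-size:12px">Offer ends soon</p></body></html>'
)


class HiddenTextScanner(HTMLParser):
    """Split an HTML body into words a reader sees and words hidden by inline CSS."""
    def __init__(self):
        super().__init__()
        self.stack = []  # per open element: is it, or any ancestor, hidden?
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack) and self.stack[-1]
        self.stack.append(inherited or bool(HIDDEN_CSS.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        bucket = self.hidden if self.stack and self.stack[-1] else self.visible
        bucket.extend(data.split())


def hidden_ratio(html):
    """Return (share of words that are hidden, list of hidden words)."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    total = len(scanner.visible) + len(scanner.hidden)
    return (len(scanner.hidden) / total if total else 0.0), scanner.hidden
```

A high hidden share in a short promotional message is a useful review signal; text hidden through stylesheets or matching foreground and background colours is outside what this scanner checks.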

Bitdefender researchers also spotted a regional campaign in Japan promoting a fake “Halloween Jumbo Lottery.”
The email claimed users could receive 22 free lottery tickets worth 6,600 yen just by registering or logging into the “official lottery website.” The instructions appeared legitimate and even mimicked a real campaign’s tone and format.

The Meta Connection: Fake Ads and Malware Disguised as Halloween Treats

Bitdefender Labs also uncovered a network of malicious Halloween ads running on Meta platforms (Facebook and Instagram), where scammers purchased sponsored placements to promote fraudulent offers and even malware.

Halloween-themed TradingView Scam Ads

Fake sponsored ads promised crypto users two “Halloween gifts”:

  • 1-Year TradingView Premium subscription
  • 150 USDC (Tether cryptocurrency)

 

When users clicked, they were redirected to fake download domains such as desktopappdownload.com — sites distributing multi-stage malware disguised as legitimate trading tools.

Bitdefender Labs has been tracking this malware since April 2025, following an extensive malvertising campaign that used mass brand impersonation of trusted cryptocurrency exchanges and trading platforms such as Binance and TradingView.

The infection chain is highly sophisticated, operating in several stages, as previously explained. The additional payloads silently dropped after the victim downloads the trojanized app are designed to steal browser cookies, authentication tokens, and cryptocurrency wallet data. The malware also connects to a command-and-control (C2) server, allowing it to receive updates or new modules that enable data exfiltration and persistent access. It also features sandbox detection, evasion mechanisms, and frequent code updates, showing active development and global reach.

Meta transparency data revealed the campaign targeted European users (Bulgaria, Croatia, Romania, Slovakia, Slovenia) aged 18–65+, confirming its regional precision and broad age targeting.

Even when Meta flagged and removed some ads for “not meeting transparency requirements,” duplicates reappeared under new accounts hours later.

Fake Retail Ads: Deichmann and Steve Madden Impersonations

Other Halloween-themed scam ads used fashion brands to lure consumers with “up to 80% off” deals.

  • A fake Deichmann ad redirected shoppers to a cloned online store harvesting payment data.
  • A “Steve Madden Bag Sale” ad also lured unwary shoppers with $3.99 handbags. Once users followed the link, they were directed to a fake website.

Both domains used stolen product photos and other brand imagery.

 

 

Why Scammers Love Halloween

Holiday periods are prime time for cybercriminals because:

  • Consumers expect promotions, lowering skepticism.
  • Brands increase marketing, making impersonation easier.
  • Emotions like urgency, reward, and trust drive impulsive clicks.
  • Ad networks and email filters are flooded with legitimate campaigns, allowing bad actors to blend in.

Whether it’s a fake giveaway, a “Windows-only” crypto offer, or a too-good-to-be-true discount, the goal is the same: harvest data, install malware, and profit before detection.

How to Stay Safe from Halloween Scams

  • Don’t click seasonal “reward” or “giveaway” links in emails or social posts.
  • Check sender domains and URLs. Official retailers and platforms never use random subdomains or unrelated email addresses.
  • Avoid downloads from ads. Trading platforms or retailers do not distribute installers through sponsored Meta posts.
  • Verify suspicious messages using Bitdefender Scamio — a free AI-powered scam detector that checks links, emails, and screenshots. Check links with Bitdefender Link Checker.
  • Enable Bitdefender’s antispam and real-time protection to automatically block phishing, impersonation sites, and malware payloads before they reach you.

From fake candy boxes to phony crypto gifts, Halloween 2025 proves that scammers are as creative as ever. Their lures may adapt to the season, but their motives never change: to trick users into giving away data or money, or handing over access to devices. So, when it comes to online safety, the scariest threats this Halloween aren’t supernatural — they’re socially engineered.


Grab a Bitdefender all-in-one security suite to fend off all the Halloween nasties you may unknowingly meet online.
