The perfect time for hackers to catch us off guard.
And so it begins. The countdown to Halloween in the age of cyber. Ghouls and goblins are joined by hackers and attackers with a torrent of Halloween-themed phishing emails and online scams.
Hackers know people let their guard down around Halloween, and the office is no exception. From Halloween parties to best costume awards, professional dress and decorum give way to excitement and distraction. A perfect opportunity for cyber crooks to catch people focused on fun.
There are the bogus invitations and Halloween costume sales. How about that Halloween e-vite from HR or the boss, outlining the dos and don’ts for costumes? Or that signup list for spooky treats? The email here? It looks real, but it’s not.
If you receive a Halloween-related email…
Make sure to check the sender address. It may be tempting to click through immediately, but you may end up with a trick that’s far worse than Halloween hijinks. Not sure about your company’s costume policy? Ask. Will there be an office party? Ask. Spooky can turn into a business catastrophe if someone clicks on a malicious link.
Here are some common Halloween scams:
- Halloween sales! Be wary of price cuts on costumes, special offers, and coupons. Only do business with reputable retailers.
- Buying costumes online. Search for reviews and hover over links, although links that look valid can be misleading.
- Halloween eCards, seemingly from someone you know, that ask you to download something or contain links that send you to malicious sites to collect your information. Check with the person who supposedly sent you the card before clicking on anything.
- Social media “horror stories”, quizzes, humor? Just don’t.
- Counterfeit tickets to Halloween events are another well-known scam.
If you think you would never fall for these scams, think again: millions do each year.
Business executives: take stock of your team’s security awareness now
Have your staff take the Phish Quiz Challenge at https://phishgoggles.com/swipeit. We are a cybersecurity firm so the link is safe, but don’t even take our word for it. Search for Phishgoggles and go to the site. Scroll down a bit and you’ll see the Phish Quiz. It’s a good, 2-minute indicator of how well your staff can distinguish between real and phishing emails.
A culture of security where awareness and alertness become second nature does not come from a one-and-done training program, or even a quarterly one. Ample evidence shows that continuous, year-round reinforcement is the best way to manage cyber risk, and a program implemented for you removes the extra workload.
A breach is too likely and too expensive to risk. What would it cost if all your company data were encrypted or sold? Prevention is always better than the cure. Take a look at Phishgoggles Security Awareness.