Don’t get tricked by cybercriminals this Halloween!

This Halloween, youngsters everywhere will engage in the time-honored “trick or treat” tradition. While this is typically a harmless, fun activity, the same cannot be said for the real “tricksters” at work: the cybercriminals who never take a vacation. In the digital world, cybercriminals and hackers are constantly on the lookout for ways to trick businesses into giving up valuable data, passwords and payments. This Halloween, make sure your business is not the one getting tricked. Here are some common “digital disguises” that hackers use, and some suggestions on how to spot the scams and keep your business from falling for a digital “treat.”

1. Phishing emails

A phishing email is a fraudulent message designed to trick recipients into revealing sensitive information such as passwords or credit card numbers. These emails often appear to come from legitimate organizations such as banks, or popular websites. Hackers may also pretend to be tech support, vendors, or even fellow workers, to steal login details. These emails may look convincing, but those “urgent” messages asking you to reset a password or confirm an invoice often are hiding malicious links – and once clicked, providing hackers with access to your company data.

Don’t get tricked! First, double-check the sending party’s email address. Hover over any links before clicking, and never, ever, ever download attachments you are not expecting. When in doubt, verify the authenticity by either calling or emailing the sending party separately. Unless you are certain an email is legitimate, avoid it.

2. Fake Invoices and payment requests

Cybercriminals often impersonate vendors or executives to trick employees into wiring money. A convincingly worded email purporting to be from the CEO may look legitimate, but be careful. Is it likely that your “boss” is going to ask you to wire $35,000 to an address without speaking with you first? Always verify payment requests with a known and trusted contact. Do not rely upon an email alone.

3. Business email compromise (BEC)

Similar to above, hackers may “spoof” a CEO’s address to request confidential information or emergency transfers. There is a story of a firm where a well-meaning but overly trusting employee sent thirty-five confidential employee records (including Social Security numbers) to what the employee believed was a trusted company partner, but it fell into the hands of hackers. If something feels off, confirm it through another channel like a phone call or direct message. Remember, hackers have improved their communication skills significantly. It used to be easier to spot the fake messages because of poor grammatical construction or misspellings. It is important to be more vigilant than ever.

4. Malicious attachments and links

Beware of attachments with seemingly normal subject lines such as “HR Documents,” “Payroll Update,” or “Delivery Notice.” These can contain malware, which allows cybercriminals to wreak havoc on your company’s data. Do not open anything that you do not recognize. Delete suspicious messages, and alert your IT team immediately,

5. Password updates can help avoid being “tricked”

How strong are the passwords that you use at your company? It is unfortunate that many people do not put a lot of thought into using strong passwords. Common weak passwords include simple sequences like "123456," dictionary words like "password," and personal information like names and birthdays. Other examples are repeated characters like "111111" or "aaaaaa," keyboard patterns like "asdfgh," and slight variations of these that are still easy to guess. These are weak because they are predictable and can be quickly cracked by hackers using automated tools. Change your passwords regularly and be sure that they are strong enough to make it more difficult for the experts to crack. A hacker can crack a weak password almost instantly, often within seconds or minutes, using common automated techniques. This is because weak passwords lack sufficient length, complexity, and randomness. 

Require strong, unique passwords and enable multi-factor authentication (MFA) wherever possible.

6. Unsecured Wi-FI and remote access

When you are away from the home or office and traveling, it can be tempting to use the public Wi-Fi at a hotel, a coffee shop or other public building. These are generally unsecure networks and your information is potentially accessible by other people – especially hackers. Some call public Wi-Fi the hacker’s paradise. Treat yourself to some protection by instead secure using VPNs (and especially for remote workers). Don’t be tricked by cybercriminals. Not every use of a public network results in being hacked, but do not be the one who is.

7. Outdated software or systems

If your computer runs in old systems without staying current on your updates, it is an open invitation for hackers. Avoid this potential problem by scheduling regular updates for your operating systems, antivirus programs, and firewalls.

8. Fake pop-ups and software updates

Do not trust pop-ups claiming that your system is infected, or “needs an urgent update.” These are classic tactics of cybercriminals. Creating a sense of urgency is one of the tricks of the trade of cybercriminals. Only update software from official vendor websites – or from your cybersecurity provider partner.

This Halloween, why not treat yourself to a conversation with a trusted cybersecurity partner?

Do not be an easy target! Keep up your guard against digital tricksters. Be sure to conduct ongoing training of employees, remembering that 90% of intrusions into a network come from human error. Exercising caution can save your business from serious losses. Train your team. Verify before you click. And remember, not everything that arrives in your inbox is a treat.

Do not take chances on your company’s future. We can help with your concerns. We can help you understand the risks and the ways to mitigate them. If you are looking for network protection, or if you just want to have an initial conversation, please visit https://pulsetechnology.com or give us a call at 888-357-4277. We are here to help! May your Halloween be filled with treats and no tricks!