Don’t be fooled, the cybercriminals offering an unexpected treat are out to trick you this Halloween season.
One of the scariest threats facing individuals and businesses alike this spooky season is phishing scams. Much like children in costumes coming to the door to ask for candy on Halloween, cybercriminals disguise themselves to trick people into providing sensitive information including usernames and passwords, and more. Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, is sharing its top tricks to keep cybercriminals from haunting you down.
It’s important to remain vigilant and learn the telltale signs of phishing attacks in order to prevent falling victim to them. Cyber witches often use the following ingredients in their phishing potions:
#1 Urgent language: Phishing attempts will often contain language that displays a sense of urgency. This is because the cybercriminal wants the targeted victim to act as quickly as possible, so they don’t second-guess themselves when sending their personal information.
#2: Discrepancies in email addresses and domain names: Another indicator is if an email claiming to be from a boss, coworker or company, has an email address and domain name that doesn’t match who they claim to be. The email or web address may have a subtle difference, such as an o replaced with a 0 or .com replaced with .net.
#3 Requests for personal information: Sudden requests for personal information are also a common phishing attempt indicator. If you receive an email, text message or phone call from an unknown number claiming to be a company or someone you know, think twice before giving out your personal information– especially if you weren’t the one who initiated the conversation.
#4 Misspellings and grammatical errors: Another common sign of a phishing attempt is when the message includes misspellings and grammatical errors. Before companies send out emails to customers, they go through multiple rounds of reviews to ensure there are no errors. If you receive an email claiming to be a company or individual and you notice errors, it’s best to not click on anything in the email because it could be a phishing attempt.
Unfortunately, bad actors enjoy cybercrime as much as your children enjoy costumes, but there are a few not-so-spooky measures you can take to protect your accounts, financial data, sensitive documents and identity secure from haunted hackers this holiday season.
#1 Think before you click: If you receive unsolicited links and attachments through email, text message or other messaging platforms, do not click on them. These links and attachments may contain malware that can steal your sensitive information or spy on you. If you’re not sure if a link is safe, hover your mouse over it to see the full website address or use a safety checker like Google Transparency Report.
#2 Use a password manager: A password manager helps you create, manage and securely store your passwords, but also provides a built-in warning about phishing sites. A password manager saves the web address with your login, so if your information does not autofill, that means you’re not on the authentic website.
#3 Use an email scanner: An email scanner is a tool that scans email attachments for potential malware. Investing in an email scanner will also help protect you from email phishing attempts by identifying dangerous attachments.
#4 Enable multi-factor authentication on your accounts: Your accounts should not only be protected with strong passwords, but also have Multi-Factor Authentication (MFA) enabled whenever possible. MFA requires that the user provide one or more forms of authentication in addition to their username and password. Even if you did fall for a phishing attempt and reveal the login credentials to an account, having MFA enabled would prevent a cybercriminal from being able to access it. #5 Reach out to the company or individual another way: Whenever you receive an email, text message or phone call that makes you question whether or not it’s legitimate, contact the individual or company directly through another method of communication. If they say the message isn’t from them, then you just avoided becoming a phishing victim.