Don’t Go In the Attachment: 5 Security Reminders in Honor of Halloween

Do we really need another Halloween-themed security blog?

Yep. We do. Not because our edgiest holiday triggers more cyber threats. No, Halloween season is scary because it’s been absorbed by the winter holidays—the spendiest, cyber-riskiest time on the retail calendar, beginning in mid-September and lasting until…it ends, right?

The spike in online shopping means, of course, a spike in scams. Thus, a few reminders can help. Pass them along to anyone who could use a quick refresher.

Reminder #1: never click on links or attachments you can’t verify.

Phishing attackers use them to deliver malware. Even if you know the sender but weren’t expecting the attachment or link, contact the sender and verify anything before you open it. An ounce of inconvenience is worth a ton of pain.

Here’s an example sent by a seemingly reliable source, the HR department. It shows simple and deceptive phishing emails can be.

Reminder #2: Practice good cyber-hygiene on your multiplying devices.

For any phone, tablet, laptop, etc. you use for holiday shopping, keep your operating system and all software applications current. Download anti-virus/anti-spyware software and configure automatic updates. Secure your home Wi-Fi with a strong password.

Reminder #3: Look for “HTTPS” and the lock symbol in your browser’s URL field.

The ‘s’ in HTTPS stands for “secure.” In other words, communication with the webpage is encrypted. If you don’t see this, don’t enter any login credentials or personal or financial information.

Reminder #4: Don’t use public computers or public Wi-Fi when you shop online.

Public computers may be infected with malicious software. And public Wi-Fi is open and insecure, making the criminal’s job too easy. It’s okay to surf when you shop at the mall—just don’t make online purchases.

Reminder #5: Enable two-factor authentication on all online shopping accounts.

If the site you’re on offers two-factor authentication, enable it. 2FA shields your account from someone who steals your password but lacks the second identifier—an answer to a security question or a number to call or text.

It’s all basic stuff—and all worth remembering as the days grow shorter and the risks get bigger. Be safe and enjoy the looooong season!

Don’t miss another threat – subscribe to our no-cost subscription service PhishMe® Threat Alerts today and receive real-time updates on new and emerging phishing and malware threats, delivered straight to your inbox.

Viewing Phish with a Payload using PhishMe Intelligence and Maltego
Oh Behave! – Simulation Analysis

Leave a Reply