3 Spine Chilling Cyber Threats To Set The Mood For Halloween

Navigating the cyber threat environment is scary business. With Halloween and all of its ghostly, ghoulishness upon us, this is the perfect time to assess the threats in your environment and your ability to ward them off.

Modern hackers have plenty of “tricks” (and, sadly, very few treats) up their sleeve to deceive employees into opening doors to networks and bypassing conventional security solutions. These include:

Phishing

Phishing is particularly cunning. According to CloudPages, there are three types of phishing scams, and all involve trickery of some sort:

The most common phishing technique? Deceptive phishing — a scam that sends email messages that appear to be from a recognized source, asking potential victims to confirm personal information or log-in through a different portal. Often, the emails come with a sense of urgency – warning either of potential charges or benefits if the recipient doesn't click.

Spear phishing may be the trickiest phishing tactic of all, since scammers use easily accessible personal information gleaned from social media and other sources to direct their request to specific targets, scoped out in advance. Experts advise being on the lookout for alarming threats that are designed to make you panic and respond based on fear.

The third type of phishing scam is CEO fraud. It scams anyone within a company who has the power to enact payments or provide vital information. Cyber criminals assume the identity of an authority figure within an organization and request a payment by making a request to the accounting department.

Whaling

Similar to phishing (but perhaps more alarming) is whaling — a more advanced, nefarious method for stealing data. According to Government Technology, instead of employees clicking on links or becoming infected with malware, the criminals conduct extensive surveillance and gain the required internet credentials. Then a targeted end user is tricked into making a fund transfer or authorizing a pending transaction based on an email from their CEO’s personal email account. Super scary stuff.

Evasive Malware

A third frightening cyber threat is evasive malware. In this type of corporate trickery, malware avoids detection by confusing common security tools like signature-based antivirus software into thinking it’s safe. What’s spooky about this type of malware is its ability to behave in benign ways while being observed.

Bolster Cybersecurity With Your Own Bag Of Tricks

To safeguard data and systems, companies need to have protective measures and tools in their own bag of tricks. According to Stay Safe Online, this includes training employees to become more cyber-aware — creating strong passwords, not clicking on attachments and URL links in fishy-looking emails, reporting suspicious activities and routinely backing up their work.