Given the popularity of the series “The Walking Dead,” you can bet a lot of zombies will be shuffling about on October 31. But trick or treaters aren’t the scariest thing about Halloween anymore. Your inbox can be a much more frightening place, and IT security managers are bracing for the next annual wave of haunted hacking tricks from cybercriminals. Just like a zombie, these attacks can infect you if you don’t keep them at arms’ length. ThreatTrack Security’s communications and research analyst Jovi Umawing tells us about five tricks you should look out for in the days and weeks leading up to Halloween.
Click through for five nasty cybersecurity tricks you’ll want to avoid this Halloween, as identified by ThreatTrack Security.
Fake Halloween gift card offers have hit email in each of the last few years. Targets are offered free Halloween gift cards, supposedly in return for signing up for a new credit card, often from a high-interest rate card issuer. This is in fact a scam to harvest your personal and financial information for criminal use at a later date. The data doesn’t even go to the legitimate credit card issuer referenced.
Joke emails and comedy animations in the form of a desktop widget are loaded with a hidden backdoor. Variants of the infamous Storm Trojan worm used this trick.
Beware emails with malicious attachments that pose as supposed Halloween party invitations. Even if you receive an invite from someone you know, proceed with extreme caution and preview all hyperlinks before clicking on them.
Hackers engineer fake postings on Google that point browsers toward websites infected with malware or which peddle scareware. Be careful when shopping for your costume or for Halloween decorations. Search terms such as Halloween costumes, pumpkins, ghost stories, or Halloween games may be especially tricky.
Links that are distributed via social networking sites, such as Facebook and Twitter, from compromised accounts also pose a risk. Scammers may disguise the true destination of a Web address in these cases using URL shortening services.