• ESET Expert

Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween


Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond.


Trick or treat, it is Halloween! The day has come when children knock on your door dressed in scary costumes and ask for a treat. Be ready…or a spooky spell will be cast upon you!

The real danger, however, doesn’t knock on the door. Hackers, imposters and scammers of all ilk are looking for you in all corners of the internet, and all they want is to trick you into giving away your personal data or money.


With Cybersecurity Awareness Month ending on the last day of October, it’s a good time to look at some common ways your personal information could be at risk (not just this Hallow’s eve!) and offer up some sweet treats to help you and your family avoid falling for hackers’ tricks.


Self-defense against scammers’ tricks

Trick #1: Fake websites

vs.

Treat #1: Recognizing phishing attacks

So someone messaged you on Instagram about an amazing Bitcoin deal. Awesome! And is it just as simple as clicking a link? Even better. Or not? Let me guess, it will take you to a site that looks super professional and convincing and there’s a place to enter your credit card details to get started? Yes? Then that’s most certainly a scam. And it becomes even harder to tell right away whether a website is real when it’s a fraudulent copy of a well-known crypto exchange.

In order to avoid falling for scams involving fake websites, especially those that request your personal information or banking details, make sure to:

  • Avoid clicking on links in unsolicited messages, doubly if the message came out of the blue and uses a generic salutation.

  • Don’t ever feel rushed into taking an action.

  • Watch out for misspelled domains and once on a website, use common sense to look out for other red flags, such as suspicious grammar mistakes or low-resolution images.

  • Consider manually typing out the website’s address into the browser bar and/or try Google’s Safe Browsing site status tool or VirusTotal’s URL checker to help check that the domain is safe.

  • Use websites with HTTPS (the green padlock to the left of the URL), especially on sites that request login or credit card details, to protect your data while it’s being transmitted from your web browser to the web server. Remember, however, that this alone is not a panacea as many phishing sites use HTTPS, which encrypts data with the TLS/SSL protocol.

  • Look for a privacy policy that guarantees your rights under GDPR or local regulation in case you do decide to give your personal info. The absence of such a policy should set alarm bells ringing.
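The domain checks from the list above can be partly automated. The following is an added example, not part of the original article: a small heuristic that compares a link's host against a list of sites you actually use and reports red flags. The function names, flag labels and the `.example`/`.test` domains are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; replace with the domains you really rely on.
KNOWN_DOMAINS = ["coinexchange.example", "mybank.example"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str, known=KNOWN_DOMAINS) -> list[str]:
    """Return red flags for a URL; an empty list means none of these checks fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")
    # Punycode or raw non-ASCII hosts can hide look-alike characters.
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        flags.append("non-ascii-or-punycode")
    # Exact match or subdomain of a known domain: nothing more to compare.
    if host in known or any(host.endswith("." + d) for d in known):
        return flags
    candidate = host.removeprefix("www.")
    for d in known:
        if 0 < edit_distance(candidate, d) <= 2:
            flags.append(f"lookalike-of:{d}")      # misspelled domain
        elif d.split(".")[0] in host:
            flags.append(f"brand-in-unrelated-domain:{d}")
    return flags

if __name__ == "__main__":
    for u in ["https://www.coinexchange.example/login",
              "https://c0inexchange.example/login",
              "http://coinexchange.example.account-verify.test/"]:
        print(u, check_url(u))
```

The second sample URL uses HTTPS and is still flagged, which is the point made above: the padlock protects the connection, not your choice of site.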



Trick #2: Bogus banking apps and risks on online marketplaces

vs.

Treat #2: Extra caution with online transactions and mobile banking

Doing online shopping is so easy that we tend to forget about its risks. We tend to easily give our credit card details to online retailers, link our PayPal accounts, and send money from Cash App or Zelle. But as we have more tools, tricksters have more opportunities to deceive us.

So if you’re making any online transaction and want to stay safe from mobile banking risks, there are a few things you should always do to protect yourself:

  • Avoid downloading finance apps from third-party app stores.

  • Instead, install apps from official stores (Google Play and App Store). Even before you do, however, check the rating, the reviews, and the number of installs.

  • Keep your device updated and use a reliable mobile security solution.

  • Double down on your security by enabling two-factor authentication (2FA).

  • If you are selling something online, say on Facebook Marketplace, be sure to accept payments only via reputable services such as PayPal and always keep the conversation on the app you’re using for the sale as proof of scam, if needed.

  • Banks won’t send you random verification codes out of the blue and then call you to ask for the numbers. This is a scam to gain access to your account.

  • If possible, create virtual cards that you can use for online shopping. This will stop your real credit card number from being leaked if there’s a data breach. Some banks also allow the creation of single-use virtual cards for one-time purchases.

Trick #3: Scams on Instagram and other social media platforms

vs.

Treat #3: Learning to spot a scammer on social media

Where do we even start? Scams spreading on social media sites, such as Instagram, Facebook and TikTok, are some of the most common trickery going around. And they come in different shapes and sizes. But if you want to avoid falling prey to these schemes, try to follow a few rules:

  • Don’t open links sent by strangers in your DMs. Remember that if they are using someone’s account to message you, they could use that account instead of asking you. Also, Instagram only sends emails to recover accounts to the user’s registered email address.

  • Even if you know the person writing to you, be wary of opening the links – the link might have been sent by someone that hacked the account.

  • Do not engage in cryptocurrency schemes or any kind of get-rich-quick ploys. Not only do they fail to ‘pay dividends’, but they’re a way of stealing your banking details.

  • Some scams, such as the sugar baby scams, will ask you to send them a first payment in order to get a weekly or monthly allowance. Make no mistake, you’ll never receive your allowance, nor will your money ever be credited back to your card.

  • Report the scammer’s account.

Trick #4: WhatsApp family impersonation scams

vs.

Treat #4: Call your relative

Some tricks are even nastier than others, such as this one. Scammers will send a message to you to say “Hi mum” or “Hi dad,” claiming they have lost their number and that you should save the new one. While a worried parent may easily believe the message, the scammer will soon try to gain your trust before asking you for money. “I can’t access my bank account because I lost my phone” sounds pretty convincing, and before you know it you’re already sending money to criminals through some dodgy website. Here’s how to avoid falling for this scheme:

  • Always call the family member they’re trying to impersonate on their original phone numbers.

  • If you can’t reach them, wait until you manage to do it. Do not transfer money before confirming their identity.

  • If you are genuinely concerned and feel like someone close to you is really asking for help, try to ask a few personal questions that only that person could answer.

  • Report the scammer’s account.

Day and night, on Halloween or any other day of the year, the online world is full of risks. Fortunately, we can all be ready to deal with these kinds of threats by being vigilant and using common sense and security software. These treats are very real!

Enjoy a happy (and safe) Halloween!
