Halloween horrors and how to avoid falling victim


Ghosts don’t exist. Poltergeists aren’t lurking in your closet. And that antique lamp you bought at a thrift store last summer doesn’t contain the disembodied soul of a serial killer. You can relax.    

But that doesn’t mean that you don’t have anything to fear this Halloween: online fraudsters and criminals are worryingly real, and like any film by M. Night Shyamalan, can ruin your day. The horrors of cybercrime are only getting worse. Last year, the UK lost £2m each day as a result of financial fraud. Identity fraud is rising at record levels, and online fraud now affects almost one in ten people, according to recent figures.    

Faced with such a deluge of attacks, it is understandable that some people might choose to bury their heads in the sand; but fear not: there are actually some simple steps that can help people protect themselves from the most common threats. Here are some examples of the typical scams that people face, and advice about how to avoid falling for them.   

A child possessed  

Gabriel Jimenez was only eleven years old when his mother Jeri made a disturbing discovery: her son had been possessed.    

Gabriel was a child model, and so was required to file taxes, which his mother did – until one year, she was told that someone had already filed on his behalf.    

Her eleven-year-old son could not have done it himself, so how did this happen? The answer didn’t lie in the supernatural; rather, it was the result of an illegal immigrant who was working using the same number.    

Despite notifying the IRS, the police, and the social security office, the problem persisted and took many years to resolve.    

When someone steals your online identity, it can ruin your credit rating and make it extremely difficult to get loans, credit cards or a mortgage. Unfortunately, it can also be a long and very complicated process to reclaim it.   

In order to protect your online identity, you should create strong passwords and avoid re-using the same password across different sites. Password managers can help you to remember all the passwords you have for different accounts, so that you don’t have to keep track of them all. In addition, always use privacy settings on social networking websites, because hackers can use your profiles to search for personally identifiable information. Finally, keep sensitive private information private – and never disclose information like your date of birth or national insurance number to anyone unless you’re 100% sure that the person you are dealing with is genuine. 

The terrifying case of the shape-shifting CEO  

Susan Carlton was coming up on her fifteenth work anniversary at IngotCo. The mother of three had worked at the Milwaukee steel manufacturer since she left college, and her dedication to the company had seen her rapidly climb the corporate ladder, ascending from a lowly mail clerk, to personal assistant to Dave Wiener, the company’s CEO.  

Workdays were all pretty similar. She’d get in at 8:30, and fight to keep her head above the water, returning emails and phone calls almost as quickly as they’d arrive. Her trusted position also saw her handle administrative tasks, like paying vendors, and making purchases on the company’s credit card.  

One day, while the CEO was out of the office, she received an email:   

Susan wasn’t someone to leave Dave waiting, so she quickly opened up the company’s online banking, and transferred $50,000 to a bank account in Lithuania.    

It wasn’t the real CEO. Of course it wasn’t. If it was, what would be the point of this story?    

Someone on the outside had taken the time to learn about IngotCo’s internal structure.  Really taken the time. And from that, they were able to craft an email that impersonated the CEO, and crucially, was believable.    

IngotCo lost $50,000. But the effect on Susan was much worse. Although she didn’t act with malice, she was fired for gross negligence, and lost her job of 15 years.    

According to the FBI, law enforcement registered more than 12,000 complaints of CEO fraud attacks in 2016, which totaled more than $360 million.    

So, how do you fight back? The best way is complete vigilance. Check every email you get that asks you to send sensitive internal documents, or transfer sums of money. If the email address isn't legit, tell your company’s IT department, and ignore it.   

Spooky Shopping  

Halloween was Dave's favourite holiday. He proposed to his fiancé on Halloween with a skeleton ring. The subsequent year he sought to make an equally romantic yet spooky gesture.  

A banner ad popped up offering heavily discounted fancy dress costumes for a limited time. Dave couldn't believe his luck - and went immediately to the site; put a couple of excellent items at rock bottom prices into his basket and proceeded to checkout. The website helpfully asked if Dave would like them to save his card details to expedite further purchases to which he gladly agreed. He'd definitely be visiting this site again.  

As you may have guessed, the website was not legitimate. Not only did Dave not receive his items; but his credit card was fleeced.    

One of our strongest defenses against any type of cyber-attack is to trust our instincts. If something feels wrong, then it is right to pause and question it. Don’t be rushed into doing something that makes you feel uncomfortable, and have the confidence to refuse a request that feels strange, unusual or too good to be true. After all, it will always be better to err on the side of caution and be suspicious that a genuine email might be a scam rather than the other way around. 

Javvad Malik, Security Advocate at AlienVault 

Image Credit: ifreestock / Pexels