Halloween Hackers. PHOTO: Cybercrime Magazine.

Beware Of Creepy Cyber Imposters On Halloween!

Even Salesforce developers wearing gladiator costumes are at risk

Ruth Bashinsky, Senior Editor

Northport, N.Y. – Oct. 29, 2019

It may be Halloween for us but, for all the cyber-ghouls and goblins, it’s HACK-oween.

Even though you can’t see them, these cybercriminals are lurking around, ready to trick and prank you. These predators disguise themselves as someone trustworthy, waiting for you to click on an email that will disclose your personal information.

BOO!!!

Unfortunately, this is no joke. These sinister acts are becoming more prevalent, and what is even scarier is that no one is immune.

As one cyber safety organization put it: “In cyberspace, no one can hear you scream. Avoid spooky scams.”

Cyberattacks are the fastest growing crime in the U.S., and they are increasing in size, sophistication, and cost. Cybersecurity Ventures predicts that damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

Now may be a good time to scream.

To help fight against these cyber villains and raise awareness, Cybercrime Magazine traveled to the Big Apple to talk to random people to find out what they know (and don’t know) about these online cyberattacks.



The first question we asked was simple: Do you know what phishing is?

For those who don’t remember, it is commonly a spoofed email that is sent to a mass audience, hoping someone will click on the link so the sender can retrieve your personal information — passwords, user names, Social Security numbers, bank information.

Our second question was a bit more challenging: What about spear-phishing?

These attacks are more dangerous and more difficult to detect. It targets a specific person. Those at risk are individuals who put their personal information out on the internet. With the exception of these thirteen countries I discovered that have limited or no access to the internet, doesn’t that pretty much cover everyone?

We started at the Financial District, worked our way over to Grand Central Terminal, and hit AWNY, one of the largest advertising conferences in Manhattan, which draws a global audience annually. Luckily while en route, there were no power shortages, significant delays, or transit issues to report, just a few gnarly characters worth mentioning. Like the panhandler on the number 2 train who thought he was an orangutan. Clearly, my goal was not to make eye contact and to stay as far away as possible. I do admit, it was hard not to look as he swung from the metal pole screeching loudly before landing face down and kissing the rubber floor. Twice. Most of the passengers were unfazed. Some were on their phones. Others had their nose in a book — just another zany day in the big city.

Landing in the heart of Wall Street, there was enough stimulation to get anyone fired up. Even the pigeons were excited as they huddled near a food truck nearby. Busy professionals rushing off to their offices at The New York Stock Exchange. Packs of tourists lingering on the steps of Federal Hall or enthusiastically taking selfies with the bronze statues of the Fearless Girl or the Wall Street Bull nearby.

While on the hunt for candidates to interview,  I bumped into a Roman gladiator. His name was not Crixus, Tetraites or Spartacus. It was Christian. Salesforce developer by day. Roman by night.

Before Christian ran off to battle, I did ask him what a phishing scam is.

He responds, moving his sword back and forth. “That is when you”ll be sent a website that looks like a real website or something like that, and they are expecting you to enter your user name and password, and then they steal it.”

Close enough. I mean he did have a sword even if it was plastic.

Nevertheless, I wished him well on the battlefield.

“We’re Romans,” he declares as pedestrians pass by. “We always win!”

Okay then.

Nearby, Rob is standing outside his office building wrapping up a call on his cell phone. Rob explains that he works in sales in the tech field and didn’t seem to flinch when we asked him about phishing. In fact, he shared a quick story about his friend who got phished.

“Somebody got into his network and hacked him. He’s got a small company and never thought he was going to have any issues, and they held all his files hostage,” he reveals. “They encrypted all of his Excel and Word documents. They told him, ‘If you don’t pay we are going to delete everything and you will no longer have access to this information anymore.'”

Not a great situation for anyone to be in.

Uptown and inside Grand Central Terminal at 42nd Street and Park Avenue is the echo of the commuter frenzy. People arriving and departing while some are on standby. Business people meeting up for lunch. Tourists shopping at one of the multitudes of shops, restaurants, and bars.

Bert, a property developer, was rushing to grab food and stopped to talk cyber. He seemed up on phishing scams, but not so much on spear-phishing.

“I know spear-phishing in the water,” he smiles. “But, not cyber spear-phishing.”

He wasn’t alone so we explained.

Meanwhile, Noah was on the other side of the terminal. He didn’t mention whether he was coming or going, but he didn’t mind giving us a personal account of the experience his grandmother went through that had to with an email and a call from someone claiming to be her granddaughter when it wasn’t.

“They said, ‘I’m stuck in Mexico. I need bail. I’m detained. Please send me this money,'” recalls Noah, “What was particularly upsetting was how distraught she was. There are the obvious financial and security ramifications that are dangerous, but there is also the emotional toll it takes on these people too.”

The last stop of the day was AWNewYork, a four-day conference that draws a massive audience and features celebrities, athletes, journalists, television personalities, influencers, and major companies in the financial, media, and advertising space.

Justin, who works on the agency side of the brand and digital strategy, was there. Not sure if he was planning to get the free donuts and coffee being distributed outside the event, but he did give us some bites and joked: “Did you just phish me?”  And, then his eyes grew wide: “It is safe to say maybe I have been the victim of a phishing scam, and I just don’t know about it yet.”

Creepy and certainly possible in today’s cyber climate.

As National Cyber Security Awareness Month (NCSAM) — a collaborative effort between government and industry to raise awareness about the importance of cybersecurity — ends, Halloween is the perfect reminder for everyone to stay safe online not only today but every day.

Happy Trick-a-Treating … and remember … don’t eat the phish!

Phishing Trip Stories

Ruth Bashinsky is the Senior Editor at Cybercrime Magazine.