Spooktober is usually a month-long preparation for Halloween when little ghouls, vampires and adorable werewolves roam the streets, knocking on doors and demanding candy from strangers. But that’s about as far as any stranger should get when it comes to keeping a safe home — even if they’re mini and adorable. Our personal passwords for online platforms and services should remain safe and secure from prowling phishers. Passwords are like keys, keeping nasty strangers out of our lives — which is why passwords are as sought after by cybercriminals as candy is by mini-ghouls on Halloween. Reused passwords on multiple social media platforms are especially valuable. It’s like having one key and an open invitation to all of your online haunted houses.
Social media phishing — like the silly quizzes asking for your first pet’s name, the street you grew up on and the year you were born — may look innocent and fun. But the results of these surveys, which generate your hilarious “sexy vampire” name, are specifically designed to phish for your password or the answers to commonly asked security questions. They may be fun, but they’re also perfect tools for cybercriminals to secretly glean information about you to gain access to your personal accounts.
Password reset phishing tactics are used by scammers to send phishing emails claiming that you need to reset a password to your social media page or your favorite online marketplace. Moreover, the scammers often require you to include your old password before creating a new one. This is how they get into many of your online accounts. It’s no secret that too many of us use a single password for multiple websites. It’s just easier to remember. Regardless, never click any links if you didn’t request a password reset.
How to avoid social media phishing:
- Do not participate in social media games that ask for information that could be used to hack into your accounts. Do you really need to know your cartoon character name?
- If you receive a password reset notification that you never requested, ignore it and report it to your security team or the website’s administrators.
- Use a unique password for every website account. This minimizes the potential of a successful password phishing attack or leak. Consider using a reputable password manager app or service — not a cute paper notebook!
- For more sensitive accounts, like banking, work email addresses and your personal laptop, always use a unique and complex password. The best passwords contain a combination of numbers, letters and symbols. Pr0t3ctY0vr!nf0!
Good password hygiene is as essential to cybersecurity as a toothbrush is to little teeth after Halloween:
- Never reuse passwords for multiple accounts.
- Never reduce passwords. They should be long, complicated and contain special characters, such as #, $ and &.
- Do not recycle currently active passwords simply by adding a number or letter to the end of it. This is an unsafe practice because of how little effort is required to guess.
- A reputable password manager app or service is great for generating and managing multiple strong and unique passwords for all your accounts.
Contact Global Learning Systems today to learn more about our security awareness and anti-phishing training to help your employees learn best practices to keep your information safe at home, work and on the go.