As a professional, you may have heard that hackers have taken the COVID-19 opportunity in stride. From pretending to be emergency services and customer support was only the beginning. Hackers are adapting to the new situation as fast as businesses can build new remote workflows. In fact, remote employees themselves have become prize targets for the new wave of social hacking strategies.
Remote employees are in a new environment rebuilding their workflow with the tools at hands. They may be juggling family logistics or financial challenges. Most importantly, they are connecting with coworkers and managers only through online means. Hackers can interrupt, fake, and spy on digital communications, so it’s no wonder we’re seeing a phishing Renaissance.
The good news is that by understanding the hacker methodology, you can outsmart and avoid social hacking attempts. Let’s take a closer look at how and why hackers are targeting professionals working from home.
Separated from the Flock
The thing that makes remote employees so appealing as hacker-targets is their separation. Most employees work within a protected company network on-site with monitored company devices. Suddenly, employees are cut loose to work on separate, domestic networks with personal devices and only their own IT skills to fall back on.
Remote employees are statistically more likely to be vulnerable to social-hacking tricks. When someone transitions from office work to working remotely, they are likely not experienced in canny online self-defense and cybersecurity. This creates people who are temporarily less cyber-secure without the protection of their company IT or the experience of fending off constant phishing attempts from working solo.
It is key for newly remote professionals to get savvy fast and eliminate that ‘separated from the flock’ effect of unsecure devices, new contacts, and remote tech stacks.
Using Remote Support Services
Hackers love to pretend to be customer service. This is a tradition of phishing that hearkens back to phone phreaking and old-school con artistry.
Lately, social hackers try sending emails or calls pretending to be proactive customer service for a remote service the target uses. Professionals working from home are especially susceptible to remote customer service scams because they are handling all matters through online communication. It’s easy to get wrapped up in a “concerned about your account” or “problem with your balance” call when it sounds legitimate.
However, red flags should go up at some point. Real customer service rarely calls you, you have to call them. Real customer service never needs your one-time codes or passwords or to hear your balance. Also, you should be able to hang up and call the legit service number to re-access that ticket, if the service ticket is real.
Communicating Over New Channels
Another weakness of remote working is online contacts. When you transition from the office, suddenly you need email, social media, phone, and chat contacts with all your coworkers. Lately, we have all needed to contact remotely with all non-housemate friends. This creates another in-road for social hackers.
Phishing attempts often fake someone known to the tarket. It might be their “facebook account” or a “borrowed phone” explaining the new account. Or the hacker will try to slip the new account right by you without mentioning. Watch out when connecting with people through new channels to make sure each new account is legitimate.
Using Personal Devices
Personal computers and mobile devices are also more susceptible to hacking than work devices. People are less careful with their personal devices about browsing and downloading, and personal devices often have less security installed or configured to protect from malware attacks. A transition to working from home can often result in working on personal devices, even if you also have a work device available.
Hackers will sometimes try to target work data through the less secure personal devices. Be particularly careful about ‘smart’ devices on your network which often have inferior security but might provide a gateway to your home wifi network.
Establishing a Personal Office
It’s worth mentioning that social hackers are adaptive beyond stealing data and targeting communications. Some have adapted to the pandemic by targeting known activities of newly remote professionals. Setting up the home office, for example, is now a targetable demographic. When you’re going through the checklist of preparing your work-at-home office, be aware that fraudulent offers and websites already exist to catch the wave of people searching along these themes. Protect yourself from non-legitimate and too-good-to-be-true offers online as common honey traps.
Going Through Financial Challenges
Specifically relating to the COVID theme, it’s important to remember that hackers are also targeting financial and crisis relief. Several instances have occurred where hackers have reached out to families to offer crisis assistance and financial relief, only to use this interaction for data mining and identity theft. Protect yourself and those you know from falling for phishing in the form of emergency services. While despicable, this is a line hackers have crossed and it’s important to stay alert.
Improvised Tech Stacks
The last risk to mention is the fact that many remote professionals are improvising their tech stack. It’s easy to use whatever tools, public or private, are at-hand to get the job done. However, a secure and secured tech stack is essential to the cybersecurity offered by an employer. The risk is doubled because so many companies have had to quickly transition to remote work, meaning less time to prepare the remote tech stack for said transition.
Managers and team members are using whatever they can find to stay connected and trade files so the work can continue. But transferring un-encrypted files and working over home-edition software. This is especially true if you lack a firewall and virus scanning software configured to your system the way company workstations are protected.
—
tca SynerTech is dedicated to helping businesses build a strong tech stack and strong anti-social-hacking policies among the teams. Let us help you defend your remote employees just as completely as the employees protected by your on-site network. Contact us today to consult on your company’s security needs and the needs of your remote teams.
