Cybercriminals will exploit Remote Workers during COVID-19 Crisis
Remote working has become something of a buzzword over the past couple of weeks, with many companies finding themselves needing to rapidly scale their remote working capabilities. Never before have so many businesses switched operations from their offices to the homes of their employees in so little time. When this crisis has passed, as no doubt it will, I believe that there will be a seismic shift towards remote working and flexible working solutions by many businesses.
Most of the challenges faced over the past week or so will have been basic teething problems while setting up ICT equipment, VPNs, etc. I believe, however, that a degree of complacency will set in owing to the physical disconnect from HQ, and that this will likely lead to many users and businesses falling victim to cybercriminals who are taking advantage of the COVID-19 crisis.
During this time of physical disconnection from HQ, there has been a concerning spike in cases of CEO Fraud (Executive Whaling). Given the chaos of these past two weeks and the pressures people are under, it’s very easy to drop the ball and fall victim to an email purporting to be from the boss and making an urgent demand to pay someone or some external entity. CNBC.com reports that fraudsters are taking advantage of the Coronavirus and that phishing scams similar to those brought on by the fear and uncertainty of the 2008 financial crisis are to be expected.
IT.ie would like to remind you (whether you are working remotely or in the office) to remain vigilant in relation to malicious emails, scam web links, bogus phone calls and text messages. In particular, you are urged to be extra vigilant with any emails or web links that reference COVID-19 or Coronavirus that cannot be directly attributed to Government sources or legitimate media outlets. Most scams occur via your inbox and so the tips below are designed to help protect you from falling victim to email scams.
Top Tips to avoid falling victim to email scams.
Don’t be fooled by emails that seem to know a lot about you.
Someone who has never met you, and never will, can easily project themselves as a friend-of-a-friend, or a colleague you’ve worked with electronically but never met face-to-face. Using social engineering as well as other data harvesting methods, the cybercriminals can gather a lot more information about you than you might expect.
Don’t blindly follow “urgent” email requests or demands from superiors
Scams of these types often work because they play on trust in, and maybe a little fear of, superiors. This is even more the case during the current COVID-19 crisis. Scam emails that make urgent requests or demands for information or payment from someone higher up the organisational chart have been found to be very successful. CEO Fraud has proven very profitable for cybercriminals who prey on this trust and fear. At IT.ie we recommend that a safe-word or phrase be used in all correspondence that requests the release of data or funds.
Don’t take the details provided by the sender at face value
Scammers know that you are likely to check up on the source of the email to make sure that the sender and its content are legit. To help you "verify" the legitimacy of the email, the scammers will often provide you with a number to call or a website to visit to check their authenticity. They may even warn you about other scams to gain your trust. If the sender is legit, then it will be very easy to verify their authenticity via other sources outside of the email that they have sent.
Don’t immediately follow instructions contained in the email, especially when you are required to click on a link
This is probably the most important tip I can give you. If you don’t trust the source or destination of a link, don’t click on it. Clicking on links can allow cybercriminals access to your sensitive data and, in the case of a ransomware attack, total control of your system or network.
Don’t be afraid to get a second opinion
I always ask a colleague to proofread any content I write because more often than not they find errors that I had missed. The same should apply to any email that requests you to carry out an action. Get a colleague to have a read and give you their opinion. Phishing emails very often have spelling or grammatical errors that you would not expect from professional correspondence and might only be picked up by having a second person read the email content. A second opinion might save you from divulging sensitive data, handing over company funds and ultimately save your company and your job.
The current crisis the world is facing has driven us online more than ever. We all hope to be back shaking hands and giving parents and grandparents much-needed hugs sooner rather than later. Technology and online interactions allow us to stay connected even when we need to be apart. The true value of technology and online engagement is that it will allow us to remain connected both personally and in our working lives. It will help ensure the continuity of many small and large businesses and likely bring in a new era of flexible working. Unfortunately, cybercriminals are always there to take advantage of people in difficult times.
However, by remaining vigilant, using good practices and common sense, we can take their advantage away and make it more and more difficult for them to find their next victim.