The Increased Risk of Social Hacking When Working from Home
As a professional, you may have heard that hackers have taken the COVID-19 opportunity stride. Pretending to be emergency services and customer support was only the beginning. Hackers adapt to the new situation as quickly as businesses can build new remote workflows. Remote employees have become prize targets for the new wave of social hacking strategies.
Remote employees are in a new environment rebuilding their workflow with the tools at hand. They may be juggling family logistics or financial challenges. Most importantly, they connect with coworkers and managers only through online means. Hackers can interrupt, fake, and spy on digital communications, so it’s no wonder we’re seeing a phishing Renaissance.
The good news is that you can outsmart and avoid social hacking attempts by understanding the hacker methodology. Let’s take a closer look at how and why hackers target professionals working from home.
Separated from the Flock
The thing that makes remote employees so appealing as hacker targets is their separation. Most employees work within a protected company network on-site with monitored company devices. Suddenly, employees are cut loose to work on separate, domestic networks with personal devices and only their own IT skills to fall back on.
Remote employees are statistically more likely to be vulnerable to social-hacking tricks. When someone transitions from office work to working remotely, they are likely not experienced in canny online self-defense and cybersecurity. This creates people who are temporarily less cyber-secure without protecting their company’s IT or the experience of fending off constant phishing attempts from working solo.
Newly remote professionals need to get savvy fast and eliminate that ‘separated from the flock’ effect of unsecure devices, new contacts, and remote tech stacks.
Using Remote Support Services
Hackers love to pretend to be customer service. This is a tradition of phishing that hearkens back to phone phreaking and old-school con artistry.
Lately, social hackers have tried sending emails or calls pretending to be proactive customer service for a remote service the target uses. Professionals working from home are especially susceptible to remote customer service scams because they are handling all matters through online communication. It’s easy to get wrapped up in a “concerned about your account” or “problem with your balance” call when it sounds legitimate.
However, red flags should go up at some point. Genuine customer service rarely calls you. You have to call them. Genuine customer service never needs your one-time codes or passwords or to hear your balance. Also, you should be able to hang up and call the legit service number to re-access that ticket if the service ticket is accurate.
Communicating Over New Channels
Another weakness of remote working is online contact. When you transition from the office, you suddenly need email, social media, phone, and chat contacts with all your coworkers. Lately, we have all needed to contact remotely with all non-housemate friends. This creates another in-road for social hackers.
Phishing attempts often fake someone known to the target. It might be their “Facebook account” or a “borrowed phone” explaining the new account. Or the hacker will try to slip the new account right by you without mentioning it. Watch out when connecting with people through new channels to ensure each new account is legitimate.
Using Personal Devices
Personal computers and mobile devices are also more susceptible to hacking than work devices. People are less careful with their devices about browsing and downloading, and personal devices often have less security installed or configured to protect them from malware attacks. A transition to working from home can often result in working on personal devices, even if you also have a work device available.
Hackers will sometimes try to target work data through less secure personal devices. Be particularly careful about ‘smart’ devices on your network, which often have inferior security but might provide a gateway to your home wifi network.
Establishing a Personal Office
It’s worth mentioning that social hackers are adaptive beyond stealing data and targeting communications. Some have adapted to the pandemic by targeting known activities of newly remote professionals. For example, setting up the home office is now a targetable demographic. When you’re going through the checklist of preparing your work-at-home office, be aware that fraudulent offers and websites exist to catch the wave of people searching along these themes. Protect yourself from non-legitimate and too-good-to-be-true offers online as common honey traps.
Going Through Financial Challenges
Specifically relating to the COVID theme, it’s important to remember that hackers also target financial and crisis relief. Several instances have occurred where hackers have reached out to families to offer crisis assistance and financial relief, only to use this interaction for data mining and identity theft. Protect yourself and those you know from falling for phishing in the form of emergency services. While despicable, this is a line hackers have crossed and it’s important to stay alert.
Improvised Tech Stacks
The last risk to mention is that many remote professionals are improvising their tech stack. It’s easy to use whatever public or private tools are at hand to get the job done. However, a secure and secured tech stack is essential to the cybersecurity offered by an employer. The risk is doubled because so many companies have had to quickly transition to remote work, meaning less time to prepare the remote tech stack for said transition.
Managers and team members use whatever they can find to stay connected and trade files so the work can continue. But transferring unencrypted files and working over home-edition software. This is especially true if you lack a firewall and virus-scanning software configured to your system the way company workstations are protected.
EGLtech is dedicated to helping businesses build a robust tech stack and strong anti-social-hacking policies among the teams. Let us help you defend your remote employees just as wholly as the employees protected by your on-site network. Contact us today to consult on your company’s security needs and the needs of your remote teams.