Staying vigilant against cyber-attacks whilst working from home
Last updated on March 24th, 2020
Employers and employees worldwide are adjusting to the new normal of remote working in the wake of the coronavirus. For some businesses, this will be the first time they have implemented such a policy and it will have come with its own challenges. Unfortunately, during a time of heightened tensions and anxieties, there will always be a few individuals who will try to capitalise on the uncertainty. However, by encouraging everyone to remain vigilant, use common sense and follow best practice we can help to reduce and prevent damage to businesses.
What should employees be on the lookout for?
According to Action Fraud UK, there was a 400% increase in coronavirus-related frauds, with losses totalling nearly £970,000 in March 2020. While a number of scams were related to online shopping, where people ordered protective equipment that never arrived, there were over 200 reported phishing emails which tried to get people to click on malicious links or downloads.
At QuoStar, we’ve seen a rise in targeted phishing attacks using topics like coronavirus or pretending to be from Microsoft’s Office 365 team to exploit unknowing employees. There have also been reports of emails purporting to be from national health authorities, like the CDC, and expert medical professionals who were in Wuhan, China when the outbreak began.
However, unlike typical phishing attacks, which tend to jump between news stories, these emails are evolving with the pandemic. Mimecast reports they are seeing a steady stream of different attacks which are evolving so they match what people are talking about and what people are worried about at the time.
As more companies enact home working in line with government advice, we will likely see the types and volumes of attacks grow. More specifically, you should expect to see a rise in cyber-criminals impersonating global brands, health officials, banks, airlines, insurance providers, HR departments and more with the goal of stealing credentials and financial details through social engineering techniques.
Helping employees to remain safe
As you can see, phishing emails (albeit poor attempts) are already preying on employees’ understandable desire for information and using urgency to get people to click.
The important message to give to your employees during this period is to stay vigilant. For many of them, working from home will be unfamiliar – making it harder to spot something out of the ordinary. But the good news is that these new attacks aren’t really anything ‘new’ at all, they’re just reskinned versions of cyber-criminals’ tried and tested approaches.
Potential attacks could include:
- An email sent from ‘HR’ saying the attached .zip file contains essential ‘remote working policies’ which all employees must read. In reality, the .zip contains malware.
- An email from ‘Microsoft’ saying they are offering a month’s free subscription for their collaboration tools to existing customers as a goodwill gesture in wake of the coronavirus. All you need to do is follow the link to the ‘Office 365 website’ and sign in.
- An email from ‘the CEO’ saying that due to coronavirus there will be mass layoffs. Please view the attached Word document (containing a malicious macro) to see if you are on the list of people who will remain employed.
These attacks latch onto the underlying uncertainty and fear of this situation and exploit the basic human desire for information. This might seem alarming, but because the underlying approach of these attacks is still the same, the methods of spotting them also still hold true:
- Look out for emails addressed to general groups (sir/madam, loyal customer) as these were likely sent out to thousands of people.
- Check that the sender address matches what it should be and don’t trust display names as these are easily spoofed.
- Pause for a moment and ask if you’re being urged into doing something you wouldn’t normally do.
- Look for spelling and grammatical errors as mass phishing emails often come from countries where English isn’t a first language (Russia, China, India).
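The sender, greeting and urgency checks above can also be applied automatically as a first-pass filter before a message reaches an inbox. The following is an added Python example, not code from the original article; the domain lists and the two sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: your own mail domain, plus the domains each brand named in the
# checks above legitimately sends from. Tune both before real use.
OWN_DOMAIN = "example.com"
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "hr": {OWN_DOMAIN}, "ceo": {OWN_DOMAIN}}
GENERIC_GREETINGS = ("dear sir/madam", "dear sir or madam", "dear customer", "dear loyal customer", "dear user")
URGENCY_PHRASES = ("immediately", "within 24 hours", "act now", "must read",
                   "will be suspended", "final notice")

def triage(raw_message: str) -> dict:
    # Apply the manual checks listed above to one plain-text email.
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    reasons = []
    # Sender check: the display name claims a brand the sending domain is not part of.
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(rf"\b{re.escape(brand)}\b", display.lower()) and from_domain not in domains:
            reasons.append(f"display name claims '{brand}' but sender domain is '{from_domain}'")
            break
    # A generic salutation suggests a bulk mailing rather than a personal message.
    if body.lstrip().startswith(GENERIC_GREETINGS):
        reasons.append("generic greeting")
    # Pressure to act quickly is the 'urgency' red flag.
    hits = [p for p in URGENCY_PHRASES if p in body]
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))
    # Attachment types used in the example lures above (.zip archives, Word documents).
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".zip", ".doc", ".docm")):
            reasons.append(f"risky attachment '{name}'")
    return {"suspicious": bool(reasons), "reasons": reasons}

# Constructed sample messages (not real phishing samples).
PHISH = """From: Microsoft Office 365 Team <support@o365-goodwill.example.net>
Subject: One month free for existing customers

Dear Customer,
You must act now to claim your free month: sign in at the link below.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
Subject: Tuesday call

Hi Sam, are you free for a quick call at 2pm on Tuesday?
"""
```

Running `triage(PHISH)` flags the brand mismatch, the generic greeting and the urgency wording, while `triage(LEGIT)` returns no reasons; spelling and grammar checks are deliberately left to the human reader.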
As long as employees use common sense and follow security best practices, these new attacks are unlikely to have a major impact. But employees must be vigilant.
Other types of cyber-attacks to watch out for
Alongside phishing, it’s likely we will also see a rise in vishing attacks against employees working from home. A likely example of an attack would be a call from a cyber-criminal posing as an ‘engineer’ from the company’s IT team/Microsoft/Slack who is here to ‘help them with remote working’ but in reality just gets them to install malware or hand over credentials.
Social engineering techniques like this are likely to see unprecedented success whilst employees are getting used to the new reality of working from home. Things which would be obvious red flags in the office become harder to detect because when everything is a bit unusual, an unexpected phone call doesn’t seem that strange.
Once again, the best advice here is for employees to be wary. Although your workspace at home might have a more relaxed atmosphere, you should still be on high alert for suspicious requests (clicking unfamiliar links, responding to unexpected information requests, authorising unplanned payments).
One final precaution to remember is that just because you’re not sitting with your colleagues when working from home, it doesn’t mean you can’t double-check with them. Get in touch over Teams, Slack, email or phone call and ensure requests are genuine if they don’t seem quite right. It is better to encourage employees to err on the side of caution.
Unfortunately, with any global events or widespread disruption, there will be attempts by cyber-criminals to exploit them. However, it’s important to remember that the advice remains the same whether you’re home working or in the office. Be vigilant, be wary of anything which sounds off and always double-check and exercise caution.