The sudden increase in people working from home is attracting hackers who use crises and world events to steal from people who are worried or scared.
Although Microsoft reports there hasn’t been an overall increase in resources deployed by hackers, the volume of phishing emails focusing on the Coronavirus is certainly increasing.
Even NASA reports that it’s under attack. An internal memo from the NASA CISO reported that hackers are attempting to phish employees and contractors for sensitive government information. Malware attacks are also increasing.
This week, the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Britain’s National Cyber Security Centre (NCSC) issued a joint alert warning of the increase in Coronavirus-themed cyber threats. Now that US economic impact payments, commonly called stimulus payment checks, are being issued, scams are cropping up preying on those trying to save failing businesses.
There has been a rise in hackers targeting people who suddenly find themselves working from home. Video conferencing apps, VPNs, messaging apps, and emails are all targets of hackers looking to trick people into giving up sensitive information so they can steal their money.
There are things that you can do to protect your identity, personal information, and your money, as well as that of your employer while you work from home.
Don’t Reuse Passwords
Don’t reuse the same password across multiple online accounts. If a hacker steals one of your passwords, that means they can use it to try and break into other online accounts. For example, if a hacker is able to glean your username and password from public WiFi found at a coffee shop, hotel, or other unsecured WiFi, they can then use that email to break into another online account connected to that same email.
When you share the same password across multiple online accounts and then use the same email address, you make it easy for hackers to get in.
Create a unique username and a strong, hard-to-guess password for each of your online accounts. Don’t write down your passwords on a piece of paper where someone could steal it. I had a friend who wrote down all of his usernames and passwords and left it next to his keyboard at the end of the day. Eventually the paper was stolen, and his email was compromised.
If you’re also reusing the same password, it makes hacking that much easier. Having access to your email account means a hacker can use the email account and password to issue password reset requests to any other online account you own. It just takes a quick search of your inbox to see what accounts have been sending notifications.
Don’t use passwords built from easy-to-guess information or information that is available on social media. For example, don’t use your children’s names, pets’ names, maiden name, or hometown. This information is easily available from social media accounts like Facebook and Instagram.
Watch Your Back
Your background in video calls can give away information about you. You may find yourself in video calls with people you don’t know. There have been numerous reports of hackers joining video calls by randomly (and successfully) guessing the web links to calls and classes. Some scammers are gleaning call information from school and university websites.
What’s behind you in a video call can give away information about you or your company. Yes, thieves actually take the time to look around your background and environment to figure out how they can steal.
It’s a form of social engineering. If a hacker can figure out where you work, your email address, and a little bit of personal information about you, they can work their way up to a lot more valuable information like your bank account. Learn how social engineering works with this online course.
If you are calling from a corporate office, there can easily be useful information visible in your background – like an organizational chart, a whiteboard of company online assets, or team contact information that hackers find very useful. Social engineering can also be accomplished by digging through social media posts. Photos taken in a corporate office can give hackers the knowledge they need to create fake name badges, identify what IoT devices are in the office, or give them contact information and job titles.
Little bits of information like this can go a long way when sending a spear phishing email. Just recently, an assistant to Shark Tank host Barbara Corcoran was successfully phished. She transferred away almost $400,000 to pay a fake invoice.
For your video calls, move to an area where there is a plain background behind you. Even something like a bookcase can tell a hacker a lot about you. The answers to common password reset questions can include information like favorite books, vacation spots, and where you attended college – all of which may be framed in background photos in your video call. This information can be found in photos you might keep on the bookcase or shelf behind you.
Monitor Your Credit
Order a credit report. Hackers often steal login credentials, government ID numbers, driver’s licenses, and other sensitive data to open up new lines of credit in a victim’s name. Identity theft, medical theft, and tax scams are committed with stolen sensitive data. Every person is entitled to one free credit report from each of the three major credit bureaus – Experian, Equifax, and TransUnion – each year. In addition, if you’ve ever been denied a line of credit, for example if you were turned down for a new credit card, you are entitled to another free credit report from the agency that the bank used to verify your financial information. This information and how to obtain a free credit report will be included in the denial letter.
US service personnel are also entitled to free credit reports as long as they are on active duty.
But there are other ways to get free credit reports.
If you are the victim of a data breach, you may be entitled to free credit monitoring for a time. Recently the Marriott Hotel chain was hacked again and is offering free credit monitoring service to those impacted by the data breach. Victims of the recent Wawa data breach can also receive free credit reporting services.
Don’t wait until money is missing to monitor your credit. Understand that some of these free services offered by companies who have suffered data breaches are not necessarily the premium version or the best version of what’s available.
It’s better to get out ahead of a hacker instead of having to clean up an identity theft mess afterward. Anyone can enroll in credit monitoring services and identity theft protection, so you are always covered, not just during a free trial.
That way you’ll know right away if someone opens up a credit report in your name or a credit card in your name, increases an existing line of credit, or even makes an inquiry on your credit report. Some credit monitoring services will even tell you if your email and passwords have been found for sale online, including on the dark web.
There has been such a massive uptick in malicious activity from APT hacking groups and hackers that the US Department of Homeland Security and Britain’s National Cyber Security Centre issued a joint alert warning citizens and businesses of all sizes to be extra vigilant for cyber threats. Since the start of the Coronavirus pandemic, there has been an increase in malware attacks and phishing emails raining down on people who are working from home.
If your laptop or phone came with malware protection, download it and use it. Make sure it’s on full-time. Often people disable VPNs and malware protection because they feel it slows down their device or it’s difficult to use.
If you don’t have an antivirus app, consider downloading one and using it before you need it. Ransomware is one of the types of malware circulating with coronavirus lures. If your phone or laptop is locked up, this may put you out of work or result in your employer’s information getting hacked.
Use a VPN
VPN stands for virtual private network. A VPN is software that you download to your laptop, computer, or phone to encrypt all the information sent from your device over the internet. A VPN keeps your emails, messages, files, and any other information sent from your device secure. With a VPN, even if an unauthorized user intercepts your data or messages, they won’t be able to read them.
In the past, VPNs were mostly used by large corporations as a way for employees to tunnel to their workplace securely. With so many people working from home now, a VPN is a necessity to protect you and your employer’s private information from hackers. There are many decent VPN apps for phones that are totally free. I’ve used TunnelBear for free successfully in major airports. Currently, I use IPVanish to work from home.
Don’t Forward Emails to Personal Emails
In the memo from NASA, the CISO warned employees of this danger.
I’m definitely guilty of forwarding work emails to my personal Gmail account. I just find it a little bit easier to read long email threads from Gmail rather than in Outlook. However, this puts my work email at risk. If I get SPAM in my Gmail and send it to Outlook, I could easily compromise my work email and documents.
Keep your work email and your personal email separate.
Emails can contain links to harmful websites or email attachments that can take control of your computer. Don’t download email attachments from someone you don’t know. Malicious email attachments can download and infect your machine with malware in a matter of seconds.
If you work at a job where it’s normal for you to receive lots of emails from strangers with attachments, you’ll need to take a few extra steps to protect yourself. If you can afford it, buy a cheap extra tablet or laptop, like a Chromebook, and use it to quarantine email attachments. That way, if you receive a phishing email with a malicious attachment, it won’t cause damage or steal your other files.
If you can’t afford to have a special laptop just for suspicious emails, then download a quality antivirus app that has updated libraries to protect your device. Read our guide on how to spot a phishing email.