
Phishing scams target remote workers

By Ed Bishop, Chief Technology Officer and co-founder, Tessian

As more employees work from home, people need to be even more vigilant when it comes to phishing attacks. Hackers love emergencies and times of uncertainty, because people are scared, distracted, and vulnerable. This makes them ideal targets for opportunistic cybercriminals looking to steal money, harvest credentials or trick people into installing malware onto their computers.

Businesses, therefore, need to ensure their employees are aware of and protected from these cyber threats. Here are some of the tactics that hackers are using to target people at this time – both at work and on personal devices – and my advice on how you can avoid falling victim to the scams.

  • Posing as a third party

Businesses will rely on remote-working tools to ensure employees stay connected while working from home. Knowing this, hackers can impersonate popular web conferencing applications, by directly spoofing the domains, in order to trick staff into clicking links that will ‘activate their web conferencing accounts’, for example.

Always be less trusting of any email asking you to take an action. Look beyond the branding of the email or the display name and examine the full email address of the sender, and any URL, carefully. For example, does the URL look legitimate when you hover over the link? What’s more, your organisation should always send internal communications to let staff know they’ve implemented new tools or platforms. You shouldn’t be hearing about it from the third-party first.

  • Impersonating the out-of-office boss

Attackers will also impersonate senior executives such as the CEO, the CFO, or the Head of HR, leading with messages that say “need to get hold of you. Please can you send me your personal phone number as I need you to do something for me” or “I’m having trouble logging onto our system, please could you action this payment?” Impersonating a person in power is a common tactic in social engineering schemes. And by working remotely, it’s harder for a person to verify if the request is legitimate.

In this case, ask yourself, “would I normally be asked to share this information or pay this invoice?” and “would a senior executive ask me to share personal information over email?” If you do receive such a message, I would also urge you to contact the person who requested you to do something – via an internal channel like Slack or an SMS – to confirm it was them before complying with any urgent requests.

  • Impersonating a trusted institution

We are seeing a growing number of phishing attacks whereby hackers impersonate trusted institutions like the World Health Organisation (WHO), insurance companies and banks to trick people into clicking links to fake websites or downloading malicious attachments. These attacks might ask you, for example, to confirm personal details – which can then be used to try and access your legitimate accounts. The message might also include malicious links asking you to sign in and ‘confirm you are safe’ or ‘confirm you haven’t travelled to recent affected COVID-19 countries’.

If you’re ever unsure, do not click the link, download an attachment or comply with the request. Search for the institution online and find a support contact number, so that you can ask them to confirm whether the communication is valid. Remember, all valid email correspondence from WHO will come from @who.int, not any other variation. And like many other organisations, WHO has stipulated they will never send unsolicited emails containing attachments.
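The sender check described above (look past the display name, and accept only the exact domain, such as @who.int) can be automated at a mail gateway or in a triage script. The following is an added example, not code from the author or from Tessian; the allowlist, the "ExampleMeet" brand and all sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Brand phrase -> exact sending domains. who.int comes from the article;
# "ExampleMeet" and examplemeet.example are constructed placeholders.
BRANDS = {
    "world health organisation": {"who.int"},
    "world health organization": {"who.int"},
    "who": {"who.int"},
    "examplemeet": {"examplemeet.example"},
}

def check_sender(from_header):
    """Return (verdict, reason) for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("suspicious", "no parseable sender address")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    display_l = display.lower()
    # Split the domain into labels and hyphenated parts, so the brand 'who'
    # matches who-int.example but not whoever.example.
    domain_tokens = set(re.split(r"[.\-]", domain))
    for brand, allowed in BRANDS.items():
        in_display = re.search(rf"\b{re.escape(brand)}\b", display_l) is not None
        in_domain = brand in domain_tokens
        if not (in_display or in_domain):
            continue
        if domain in allowed:  # exact match only, "not any other variation"
            return ("trusted", f"{domain} is an exact match for {brand!r}")
        where = "display name" if in_display else "domain"
        return ("suspicious", f"{where} claims {brand!r} but sender domain is {domain}")
    return ("unknown", f"{domain} is not on the allowlist; verify out of band")

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"World Health Organization" <alerts@who.int>',
    '"WHO Safety Team" <notice@who-int.example>',
    "Support <help@who.int.mail-check.example>",
    "Alice <alice@whoever.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A "trusted" verdict here only means the From: header shows the right domain; because that header can itself be spoofed, the check belongs alongside the receiving server's SPF, DKIM and DMARC results rather than in place of them.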

  • Taking advantage of unfamiliar environments

Working from home can be an unfamiliar environment for many employees. We are using smaller screens as we rely on our laptops and mobiles, and many people will be working in homes shared by others, be it housemates or family members, so there are bound to be new distractions. This increases the likelihood of people making mistakes at work. Hackers will be banking on this. So be careful and take an extra minute to check the legitimacy of an email, verify the identity of the sender, and consider whether their actions are putting sensitive or personal information at risk.

During these uncertain times, it’s important that businesses advise customers and employees on the email threats they could be exposed to while working remotely. People need to know what the business will and will not ask for via email, phone, or text so they can recognise when something is out of the ordinary. Remind employees about email security best practices, and ensure these security measures are put into place in both their working and personal lives to avoid falling for the scams.