By Jill Webster
The pandemic has presented unique challenges for employees working from home for the first time. Many workers were sent home essentially overnight to establish a viable, productive workspace at home. There are several issues that people are facing with working from home. Many people are sharing workspaces with a spouse who is also working from home. There may also be children using the same space to complete their remote learning lessons. In addition to physical space being challenging, there are distractions from other family members. There is also the stress of issues related to the pandemic, such as concerns for the health of family, keeping children safe, and, perhaps, helping parents navigate their health and safety. Most employees do not have their complete work computer set-up at home. Many are working from laptops or some modified, temporary set-up. Due to all these factors—distractions, stress, and modified workstations—workers are more likely to become victims of fraud and cyber vulnerabilities. Predators are taking advantage of this scenario and using a variety of schemes to profit from this crisis.
This ongoing, weekly-updated blog provides tips to keep your working-from-home life safe and ongoing, current issues involving cyber fraud and employees.
- Abide by your employer’s security guidelines.
- Shred sensitive data.
- Make sure security software is current. Ensure passwords are strong and long, using a combination of capital and lowercase letters, numbers, and symbols at least 12 characters long.
- Keep sensitive files locked securely.
- If a laptop is being used, ensure that it has a password. Do not ever leave it out of your sight.
- Be sure your home network is secure. Turn on encryption (WPA2 or WPA3) on your router.
The Week of June 15, 2020
The popularity of and dependence on videoconferencing has skyrocketed during the pandemic. By now, you have likely attended several virtual business meetings, or virtual classrooms, or socialized with friends via virtual happy hours. Zoom has become the most popular choice for virtual gatherings. Uninvited attendees have been “Zoombombing” meetings and interrupting with pornography, profanities, or racial slurs. In an FBI warning, two incidents of Zoombombing were highlighted. In a Massachusetts high school, a virtual Zoom classroom was interrupted when an uninvited participant entered the classroom. This person shouted a profanity and the teacher’s home address. In another Massachusetts school, a virtual Zoom classroom was disrupted by someone who came on camera showing swastika tattoos.
Here are some tips to keep your Zoom meetings secure:
- Take attendance and remove any unwelcome attendees.
- When sending invitations to join a meeting, use conference IDs instead of links, which can be hacked.
- Utilize the waiting room feature to verify attendees before allowing them to join the meeting. This feature can be located through the Settings tab, then In Meeting (Advanced) option.
- Do not repeat meeting IDs to keep uninvited attendees out of meetings.
- When computer webcams and microphones are not being used, utilize a cover or blocker, which can be purchased online.
Zoom has had its share of recent criticism. A user filed a lawsuit on March 30th, claiming that the company was illegally sharing personal information. New York State Attorney General Letitia James wrote a letter to Zoom including, “a number of questions to ensure the company will take appropriate steps to ensure users’ privacy and security is protected”.
In a blog post, Zoom CEO and founder, Eric S. Yuan addressed some of the privacy and security issues that have been plaguing the platform. Yuan states that they were not prepared for explosive growth. At the end of 2019, there were around 10 million daily users. In March, there were over 200 million daily users. Yuan states some of the security issues are because the platform was designed for large corporations with their own IT team. He outlines what Zoom has done to correct the breaches and the plans to continue to improve security and privacy issues. He addressed issues regarding encryption and data shared with Facebook.
Zoom has compiled extensive resources in response to the COVID-19 outbreak and demand for videoconferencing. There are materials on the following topics: Zoom Training Resources, Privacy and Security, Zoom 5.0 update, Remote Working, Educating over Zoom, Hosting Virtual Events, Telehealth, and Home Office Setups.
The Week of June 8, 2020
FBI Press Release: Cyber Actors Take Advantage of COVID-19 Pandemic to Exploit Increased Use of Virtual Environments
The FBI issued this press release in early April. It contains excellent information for protecting yourself against attacks from hackers while working from home. In the interest of time, only some of the highlights are discussed here. Be sure to review the press release in its entirety to review all of the advice from the FBI. As of March 30, 2020, the FBI’s Internet Crime Complaint Center (IC3) received over 1,200 complaints related to COVID-19 scams. The number of complaints has skyrocketed since then. See our blog on Seniors this week for updated numbers. Scammers are attacking individuals and businesses in both the private and public sectors. The FBI has created the following helpful tips to combat these attacks.
Tips for Teleworking
- Utilize tools to prevent potential phishing emails
- Control connection to virtual calls, meetings, and classrooms. Use passwords when possible.
- When choosing services for telework software, opt for established, reliable businesses. If using a service out of the country, do some homework to ensure it is a legitimate, trusted business.
- Stay alert for unsolicited emails or ads offering telework solutions, as they may be phishing for personal information.
- Click on links or open attachments in emails from contacts you do not know.
- Post links to virtual meetings, calls, or classrooms on public social media profiles or open websites.
- Utilize access to remote desktop functions such as Virtual Network Computing (VNC) or Remote Desktop Protocol (RDP) unless it is essential.
- Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.
FBI Press Release: Online Extortion Scams Increasing During the COVID-19 Crisis
The FBI is warning about a scheme where predators are sending extortion emails threatening to share sexually explicit images or compromising videos of the recipient to the victim’s contacts. The scheme can vary, but there are some key common elements. Fraudsters are constantly changing their tactics to keep up with current topics in order to seem legitimate. Be aware of these key suspicious elements:
- The extortion email is sent from someone that the recipient does not know and often has grammatical errors.
- The email contains personal information of the recipient, such as a password, to scare them.
- The email states the scammer has images or videos of the recipient either cheating on a spouse or visiting adult websites.
- The email states, “I had a serious spyware and adware infect your computer,” or “I have a recorded video of you” to explain how the explicit material was obtained.
- The email warns that the explicit material will be sent to the recipient’s contact list if a bribe is not paid.
- The email gives a small time frame to pay, usually 48 hours.
- The recipient is informed to pay the ransom in Bitcoin, which makes transactions difficult to trace.
- Do not open emails, attachments or click on links within emails from unknown senders.
- Review your bank activity frequently and your credit report at least annually to detect any unauthorized charges.
- Do not respond to any emails from senders you do not know.
- Do not save any compromising material on your phone or online.
- Regularly review privacy settings for social media accounts and confirm they are providing the maximum security available.
- Make passwords strong, long and do not use the same password for all websites.
- Do not ever share personal information through email. Even if it looks like a legitimate source or it is someone you know, do not send via email.
- Type addresses for websites manually instead of clicking links in an email or through an advertisement. It may look like a legitimate source and have a very similar web address, type it yourself to ensure it is correct.
The FBI does not approve of paying any extortion requests made online. This will allow these crimes to continue and potentially contribute to organized crime and violent crimes. If you have been the victim of this type of scheme, file a complaint at your local FBI office here.
Fraudsters are getting creative and using every angle they can think of the take advantage of the COVID-19 pandemic. There has been an enormous problem with scammers filing for phony unemployment benefits. They are using the personal information of people who have not filed for benefits. People are getting notifications about their claim from unemployment or from their employer. That is how they discover a fraudulent claim has been filed in their name. If you become a victim of this scheme, someone is using your sensitive personal information, including your date of birth and Social Security number. You need to resolve this quickly to protect your credit and financial future by taking these steps:
- Make a report of the fraud to your employer. Retain written documentation of who you spoke with and on what date.
- Report the fraud to your state unemployment agency. A list of state unemployment agencies can be located here.
Make the report online, if you can. It will save time and will be processed faster. Retain any information you receive: any case or confirmation number. If you speak to anyone, make a note of their name and the date.
- Report the fraud to the FTC here. You can work on a personal recovery plan tailored to your situation. You will get a free, one-year fraud alert on your credit reports and close and accounts fraudulently opened in your name. Identitytheft.gov also offers an extended fraud alert or credit freeze for your credit report.
- Monitor your credit reports frequently. For a year after an identity theft, you can check your credit reports once a week here. This assists you in detecting any new fraudulent activity quickly.
The scammers usually have the unemployment benefits deposited into accounts that they maintain. Occasionally the payment gets sent to the account of the person whose name is on the benefits. If this happens to you, the fraudsters may contact you to retrieve the funds. They could impersonate the unemployment agency and tell you it was a mistake and ask you to send it to them. This is a money mule scam. We cover more on money mule scams in this week’s Seniors’ blog. Do not cooperate. This could create more trouble for you. If you receive any payments that you did not apply for, report it to your state unemployment agency and follow their directions. They will never call, email, or text you and ask you to send the money via wire transfer, gift cards, or cash.
The Week of June 1, 2020
Phishing Scams, Spam Spike as Hackers Use Coronavirus to Prey on Remote Workers, Stressed IT Systems
The impacts of the pandemic go beyond massive health concerns, self-isolation, financial ramifications, and loss of jobs. Criminals are taking advantage of the enormous increase in the number of people working remotely. There has been a surge of cyberthreats, including spam and phishing scams. A CNBC flash survey found that 36% of executives on the CNBC Technology Executive Council said that cyberthreats have risen since most of their workforce has gone home to work. One respondent said cyber scams and phishing have increased by 40%. There has been speculation by some experts that the risks could be even higher than this study reports.
Coronavirus Pandemic Creates “Perfect Storm” for Cybercriminals to Exploit People Working from Home: Experts
George Washington University cybersecurity professor Diana Burley states that this pandemic has created the perfect storm for hackers to wreak havoc. People are working from home, most for the first time. They are juggling work and home responsibilities at the same time; it is easy to get distracted and nervous. They do not have the same protections they do when working at the office. This makes them more susceptible to cyberattacks. There have been several phishing scams using the terms “reset password” or “business continuity.” Hackers are preying on fear of the virus and being unfamiliar with working from home. Experts recommend using different passwords and changing them frequently, having up-to-date virus protection and logging out of programs when not in use. Be overly cautious with email. If it looks suspicious, verify it in a way other than email or clicking any links.
Scammers are targeting businesses that are taking advantage of concerns of COVID-19. This is a list of some of the scams that the Federal Trade Commission has been watching.
- Business email scams: Fraudulent emails that appear to come from a boss asking to transfer funds.
- Essential product scams: Scammers are imitating sites of products that are in high-demand. They take your order and your credit card information and never deliver. Type in URLs you know are reliable or verify with someone in your industry you trust.
- Money from government agency scams: If anyone calls offering money from the government for an upfront payment or personal information, it is a fraud.
- Public health scams: Messages claiming to be from the CDC or WHO. They ask for personal information, such as tax IDs or Social Security numbers. Do not respond, click on any links, or download anything. These are phishing or malware scams.
- IT scams: An email that appears to come from your technology department asking you to download something or requesting a password. Be alert for this type of fraud and have someone staff can go to for reliable information.
- Virus-related scams: Scammers are targeting employees working from home with virus-related products. Others are warning about Google not properly displaying business listing. Google is not calling. The best response is to hang up.
Jill Webster first joined Hetherington Group in 2009, then returned in 2018. She has a keen eye for detail, inherent curiosity, and natural persistence that are beneficial when conducting investigations and researching for writing. She works on special projects and is responsible for in-house proofreading of client reports. She creates content for Hg’s blog regarding predators taking advantage of the most vulnerable populations during the COVID-19 pandemic. Ms. Webster develops material and creates webinars for online safety for children.