Remote workers are connected to the internet all day every day. The most common duties range from communicating with clients and colleagues, to sharing business-critical data across multiple platforms and websites.
With the increase in remote working, the window of opportunity for hackers has never been wider. In fact, figures show 49.2% of employed adults were remote working in the UK during April 2020.
Hacking, data breaches and ransomware are on the rise, making it essential for all companies to educate their employees with cyber-security training and provide solutions to mitigate the risks associated with working remotely.
Most ransomware attacks are rooted in social engineering, in which hackers manipulate a person or persons in order to access corporate systems and private information.
From phishing to baiting to tailgating, social engineering scams play into human nature’s inclination to trust. For cyber criminals, it is the easiest method for obtaining access to a private corporate system. After all, why would they spend the time trying to guess someone’s password when they can simply ask for it themselves?
There are three common types of cyber scam that are especially prevalent in current times where more people are working from home and purchasing goods online. Let’s deep dive into each one so you and your employees know how to spot – and mitigate – these online scams.
1. Inbox Scams
The Scam: The below image is a prime example of a phishing email used to spread Locky, a common strain of ransomware. To the recipient, the email appears to come from a business partner asking the reader to “see the attached invoice” by clicking on the attached Word doc. Note how harmless this email appears and how easy it would be for a user to absentmindedly open and click, an action that would result in an instant ransomware infection. It happens every single day.
The Mitigation: Ensure your employees are wary of emails containing unexpected attachments, especially if said attachment is a Microsoft Office file. Before opening or clicking anything, they should confirm with the sender (via phone, text, and/or separate email) what it is.
2. Malicious Websites and Malvertising
The Scam: Malicious websites and “malvertisements” are designed to look like a page or ad on a legitimate website. These sites can look incredibly real, featuring branding and logos, which is why so many users end up giving cyber criminals their personal information or the access needed to inject malware directly onto their systems. Typically, hackers will insert code into a legitimate site which redirects unsuspecting users to their malicious site.
The Mitigation: Be certain that employees understand this risk and embrace safe browsing habits, making sure they are accessing sites using the HTTPS secure communication protocol and being wary of any site asking for private information. Also, ensure your employees know how to check where links point before clicking (this is done by hovering the mouse over the link to reveal the complete URL in the status bar at the bottom of the browser).
The Scam: Another common lure is a pop-up that claims that a user’s computer has been locked by a local police constituency because it was used to access illegal material, as you will see in the example below. The lure instructs users to click a link in order to pay a fine, which is bogus.
Red flags include links that redirect to a different domain, pop-ups that require you to enter personal information, misspelled URLs, and URLs with unusual domain extensions (.club, .bid, .xyz etc.).
The Mitigation: Make sure your team understands this type of cyber scam is designed to capitalise on fear of breaking the law. Instruct employees who encounter this type of pop-up NOT to click. Instead, they should restart the computer in safe mode. Still there? Get IT (or your MSP) involved.
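For IT teams that want to automate the hover check and the URL red flags listed above (for example in a mail filter or a training exercise), here is a short Python sketch. It is an added example, not part of the original article; the trusted-domain allowlist, the similarity threshold and the sample links are constructed assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions for this example: the allowlist and the similarity threshold.
TRUSTED_DOMAINS = {"example-bank.co.uk", "example-supplier.com"}  # constructed
UNUSUAL_TLDS = {"club", "bid", "xyz"}  # the extensions the article names
LOOKALIKE_THRESHOLD = 0.85


def host_of(text):
    """Hostname found in a URL or URL-like string, lower-cased, else None."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit parse "www.site.com/path"
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    if not host or "." not in host or " " in host:
        return None  # plain wording such as "Click here", not a hostname
    host = host.rstrip(".")
    return host[4:] if host.startswith("www.") else host


def same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def link_red_flags(href, shown_text=""):
    """Return the red flags from the article that apply to one link."""
    host = host_of(href)
    if host is None:
        return ["unparseable-url"]
    flags = []
    if not href.strip().lower().startswith("https://"):
        flags.append("not-https")
    if host.rsplit(".", 1)[-1] in UNUSUAL_TLDS:
        flags.append("unusual-domain-extension")
    shown = host_of(shown_text)
    if shown and not (same_site(host, shown) or same_site(shown, host)):
        flags.append("text-and-target-differ")
    if not any(same_site(host, d) for d in TRUSTED_DOMAINS):
        for d in sorted(TRUSTED_DOMAINS):
            if SequenceMatcher(None, host, d).ratio() >= LOOKALIKE_THRESHOLD:
                flags.append("lookalike-of:" + d)
    return flags
```

An empty result means none of these particular flags fired, not that the link is safe; a malicious page can use HTTPS and an ordinary domain extension.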
Protecting your business
Cyber crime is growing at a rapid rate and small to medium businesses (SMBs) are increasingly targeted. Developing a robust, multi-layered cybersecurity strategy can therefore save a business.
Educating your employees about the dangers of cyber threats will boost your frontline of defence and should be the first step in your overarching strategy.
For more information about how to protect your business and employees against ever-increasing cyber threats, contact our team today – call us on 0191 492 1492 or email firstname.lastname@example.org.