Published: November 15, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
For those of us who jumped to remote work due to the pandemic, a reality check of how risky this way of working is for many of us is needed. The Internet Crime Complaint Center (IC3) Internet Crime Report 2020 looks at different internet crimes including those associated with remote work. The pandemic hacking boom affects the online security of remote workers and that of the businesses they work for. The report examines some of the security risks remote work creates, and one of the top cyberattack vectors we face every working day.
Working from home can be chock-full of distractions, and focusing on our cybersecurity takes a backseat at best. After all we’re only human, and that’s what hackers count on. The IC3 report finds email phishing is once again a top attack vector, with BEC (business email compromise) leading email attacks against organizations. An inbox stuffed with messages and distractions while also struggling with working remotely together make it much easier to lower your email phishing guard.
Some security software wasn’t built to handle the influx of cyberthreats the pandemic unleashed. The IC3 finds cyberattacks from 2019 to 2020 were over twice where they were in 2018. Organizations of all kinds experienced a spike in BECs that last year cost businesses almost $2 billion in damages. The cost per data breach to businesses averaged $21,659 each. For small-to-medium-sized businesses (SMBs), BEC attacks forced 60% to close their doors within six months of an attack.
Working remotely under stress and with distractions gives BEC attackers exactly what they’re hoping for. They want employees to open and trust their emails, which often appear to be from a co-worker, vendor, or other trusted source. Rather than check an email for suspicious qualities, we inadvertently respond by opening BEC attachments that are full of malware or requests to follow links to bogus copycat websites that steal your sensitive data. Not only will your device be compromised, but the network data security and financial costs to your employer are put in jeopardy.
FBI’s Anti-Phishing Tips
The FBI offers the following anti-phishing tips with a focus on avoiding BEC attacks:
Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
Be careful what you download. Never open an email attachment from someone you don't know and be wary of email attachments forwarded to you.
Be especially wary if the requestor is pressing you to act quickly.
Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org