How Has Work-From-Home Emboldened Hackers and Phishers?
Tips to protect your data
on October 14, 2021
Updated on September 6, 2022
We can agree that there isn’t much the pandemic hasn’t made worse. But when it comes to a certain subset of cyber bad actors, the pandemic was the perfect storm for them to better their craft—not only has increased technology over the past two years made a hacker’s job easier and phishing scams and cyberattacks appear more legit, but the nation’s collective exodus from the office to remote work at home had IT professionals focused more on the transition and less on cyber security.
“We’ve seen such a rise in phishing attacks via employee email, and there are a few ways to account for it,” says Jean Martin, a Tampa-based class action lawyer with Morgan & Morgan. “First, there is not enough time and money in place for employee training to look for these types of emails and be aware of how to spot them. Second, in the age of Covid, with so many employees working remotely, different security issues have been raised, as most IT departments have their hands full with remote access.” Martin adds a more relaxed approach to an inbox as problematic, too. “Whereas now employees might be at home on a home computer and toggling back and forth between personal email and work email, it’s more common to receive and open email that looks like it came from a personal account,” she says. “And of course there is the whole issue of employees now being on less secure home networks than corporate intranet.”
So what red flags should employees look out for so they don’t get hooked on a phishing line by cybercriminals?
“Anything not from a company domain should be scrutinized,” Martin says. “Also, is there strange spelling and fonts? Does an email appear in your inbox from someone you regularly communicate with, but there is a change in language pattern? Or is someone who doesn’t usually communicate with you because of corporate structure all of a sudden casually reaching out?”
And of course the biggest warning sign, she says, is a request for you to send any kind of personal information through phishing emails or social media.
“A good practice—and my IT department probably hates me as I do this constantly—is to really just immediately forward anything that looks even the tiniest bit suspicious to ask, ‘Is this legitimate?’” Martin says.
With a bit of cyber common sense, you can avoid being caught in an email phishing scam. But being proactive about a data hack requires more work.
Martin suggests any time a company asks for consumer information, question not only how the data will be used and stored, but if it’s really necessary to have in the first place. “Particularly a Social Security Number, since you can never get that back,” Martin says.
Other proactive measures include being hyper-vigilant about credit account activity. Even a spike in spam email could be an indication that your personal data—including your email address—was leaked.
And if it is, get on the phone. “If you are subject to a data breach, you will be contacted by the hacked company and there will be a phone number. Call and ask as many questions as you can,” she says. “Then change all your passwords immediately and pull your credit report.”
She also suggests putting your local post office on alert. “Sometimes when an identity gets stolen, the hacker will divert your postal mail so you don’t know that your name is being used to open new credit accounts,” Martin says.
She has one more piece of advice, too.
“Please, I implore you, stop giving away your personal information for free by answering those Facebook quizzes that ask for things like your maiden name, your dog’s name, your first car—all clues to help figure out your passwords,” Martin says. “If people would just stop doing that, we’d be so much better off.”
If you have questions or concerns about what to do if you’re the victim of identity fraud, a Florida technology transactions lawyer can help. For more information on this area of law, see our overview of consumer law.