How Has Work-From-Home Emboldened Hackers and Phishers?

When it comes to a certain subset of cyber bad actors, the Covid-19 pandemic and subsequent rise of remote work was the perfect storm for them to better their craft.

Not only has new technology made a hacker’s job easier and phishing scams and cyberattacks appear more legit, but the nation’s collective exodus from the office to remote work had IT professionals focused more on the transition and less on cyber security. 

An Increase in Phishing Attacks Targeting Employees

“We’ve seen such a rise in phishing attacks via employee email, and there are a few ways to account for it,” says Jean Martin, a Tampa-based class action lawyer with Morgan & Morgan.

• “First, there is not enough time and money in place for employee training to look for these types of emails and be aware of how to spot them.
• Second, in the post-coronavirus age, with so many remote workers, different security issues have been raised, as most IT departments have their hands full with remote access.”

Martin adds a more relaxed approach to an inbox as problematic, too.

“Whereas now employees might be at home on a home computer and toggling back and forth between personal email and work email, it’s more common to receive and open email that looks like it came from a personal account,” she says.

“And, of course, there is the whole issue of employees now being on less secure home networks than the corporate intranet.” 

How Do You Detect Phishing Scams?

So what red flags should employees look out for so they don’t get hooked on a phishing line by cybercriminals?

“Anything not from a company domain should be scrutinized,” Martin says. “Also, are there strange spelling and fonts? Does an email appear in your inbox from someone you regularly communicate with, but there is a change in language pattern? Or is someone who doesn’t usually communicate with you because of corporate structure all of a sudden casually reaching out?”

And, of course, the biggest warning sign, she says, is a request for you to send any kind of personal information or company data through phishing emails or social media. 

What To Do if You Receive a Suspicious Message

“A good practice—and my IT department probably hates me as I do this constantly—is to really just immediately forward anything that looks even the tiniest bit suspicious to ask, ‘Is this legitimate?’” Martin says. 

With a bit of cyber common sense, you can avoid being caught in an email phishing scam. However, being proactive about a data hack requires more work. 

Taking Proactive Measures

Martin suggests that any time a company asks for consumer information, question not only how the data will be used and stored but if it’s really necessary to have it in the first place. “Particularly a Social Security Number, since you can never get that back,” Martin says. 

Other proactive measures include being hyper-vigilant about credit account activity. Even a spike in spam emails could be an indication that your personal data—including your email address—was leaked. 

What To Do if There’s a Security Breach

And if it is, get on the phone.

“If you are subject to a data breach, you will be contacted by the hacked company, and there will be a phone number. Call and ask as many questions as you can,” she says. “Then change all your passwords immediately and pull your credit report.”

She also suggests putting your local post office on alert. “Sometimes when an identity gets stolen, the hacker will divert your postal mail so you don’t know that your name is being used to open new credit accounts,” Martin says. 

She has one more piece of advice regarding human error.

“Please, I implore you, stop giving away sensitive information for free by answering those Facebook quizzes that ask for things like your maiden name, your dog’s name, your first car—all clues to help figure out your passwords,” Martin says. “If people would just stop doing that, we’d be so much better off.”

Get Legal Help from an Attorney with Experience in Data Security

If you have questions or concerns about what to do if you’re the victim of identity fraud or how to improve vulnerabilities, a technology transactions lawyer can help. 

For more information on this area of law, see our overview of technology transaction law and related content on cyber threats and ransomware attacks.