Many companies are quickly planning for employees to work from home, and others are fast-tracking policies to meet the requirements of shelter-in-place orders issued by state officials. These actions are making it an even higher risk of people being targeted by scammers, especially through phishing emails or through an unsecured network connection.
Transitioning from an office setting to home, many may find themselves more vulnerable to tech support scams. With limited IT resources available, employees may attempt to solve technical issues themselves when confronted with pop-ups and virus alerts. BBB Scam Tracker received a report of a victim losing nearly $250 to a tech support scam. The report stated a pop-up window appeared when the user’s computer froze. The instructions on the pop-up window said to contact a company claiming to be affiliated with Apple. After following the directions, the consumer paid for what they thought would fix the problem and never heard from the tech support company again.
Another concern for employees transitioning to a work-from-home environment is Business Email Compromise (BEC) scams. BEC scammers impersonate emails that appear to come directly from the boss. These fraudulent emails are often used to request large payments to “vendors” via wire transfer. While this is a common scheme, scammers may change their approach and use current events as a way to convince the recipient to take action. Compromised business emails may be used to request payments for things such as reimbursements, bogus invoice payments, or office equipment.
Advertised work from home opportunities aren’t always what they seem, especially for people who have recently been furloughed or laid off. Employment scams are ranked the top riskiest scam in both the 2018 and 2019 Scam Tracker Risk Report. A common red flag to make note is the opportunity to work from home and what seems like a high hourly wage with minimal effort. However, as more employers practice social distancing and require employees to work from home, differentiating between legitimate and fraudulent job opportunities will become more difficult.
While working from home and watching to see how the situation surrounding the COVID-19 outbreak develops, here are some tips from the Better Business Bureau to avoid falling victim to scams:
- Be aware of unusual procedures. Job offers without interviews are a red flag of employment scams, as well as employers that overpay and ask to wire back the difference. Take note of companies that promise opportunities or high income if you pay them for training.
- Check official job postings. Scammers will often use emails, social media or online job boards to reach targets. They are also known to use actual company names, addresses and human resource contacts found on the internet. If a job posting seems too good to be true, go directly to the company website and check their career page directly. If a website is charging you for information about a job opening, it is probably a scam.
- Set up work-from-home IT policies. When setting up remote employees, establish a plan to help them with technical problems they may face. Instruct them on who they should contact, and who to avoid, for tech support. A plan can protect employees, the business and your customers from having their personal and professional information compromised.
- Maintain office billing policies at home. One of the best ways to combat business email compromise scams is to set a policy requiring employees to confirm payment requests in person or over the phone, rather than over email. If the employees that handle billing are working from home, have them maintain these policies by calling to confirm any payment requests made by email.
- Review safety practices with employees. As employees are working remotely, remind them of the best practices to avoid scams. Practices such as avoiding clicking on pop-ups or links in unsolicited emails are encouraged and if they aren’t sure of the origin of an email, have them contact a colleague or supervisor by phone. Make sure they know tech support professionals would never call them unless they had requested assistance first.
A notable increase of hacking/phishing attempts is being noted by IT companies, as more people are quickly adapting to a new work from home or remote situation. As the current trend continues, there are some tips to keep you and your business data secure.
Here are 10 best practices for staying cyber secure while working remotely:
- Remember to save your work and lock your computer when stepping away from your desk. This applies to personal and corporate PCs alike.
- Log off. When you are finished for the day, log off your remote PC. Don’t just lock it or disconnect from it without logging off.
- Password protect your office cell phone.
- Don’t click. Watch for any coronavirus (or other) communication asking one to click a link, log in or supply a password. These messages should be viewed with extreme skepticism.
- Never open an attachment, links, or reply to messages unless you are 100 percent certain that the source is legitimate and that the communication was expected.
- Call to verify. If you get an e-mail requesting you to do a favor from your manager (like purchasing Target gift cards or wire transferring money), always call them to verify before acting. Most of these requests are bogus.
- Don’t allow remote IT support without verifying the source. Your IT department will communicate with you first before connecting to your computer. If anyone you don’t recognize calls you and claims to be with your IT department and asks you for your password, Connectwise, Automate, Machine, or TeamViewer ID or other sensitive information, hang up and call your IT department to see if the request was legitimate.
- Do not accept unsolicited support calls claiming to be from Microsoft, Apple, or other vendors.
- Avoid pop-up numbers. If a message box pops up with a phone number in it, do not call the number.
- Always run anti-virus/anti-malware software on your computers, particularly home PCs. Ensure that your subscription and antivirus definitions are kept up-to-date. Also, ensure that Windows PCs are rebooted regularly and that Windows Updates are routinely installed on home systems.