According to a study by NortonLifeLock, 16.5 million Brits have been victims of various cybercrimes over the last year. These scams were effective to the tune of £1.4 billion, and it doesn’t look like they’re going away anytime soon, so now is the best time to find out how to avoid scams online.
Norton predicts this figure will rise in 2020, as cybercriminals take advantage of fears formed by the Covid-19 pandemic. With thousands of us working from home right now, it’s crucial we all take measures to protect the sensitive information, passwords and banking information we use every day.
So, how do you stay safe when you’re stuck working from home? Trusted Reviews reached out to a range of security experts to determine the top ways to dodge cyber scams and keep your personal data safe.
The easiest way to hide your devices from snooping eyes is to install a VPN and antivirus software.
Working from home can be fun, but being out of the office can also strip us of the safeguards we rely on to ward off malware and phishing scams daily.
“While it’s great to know we’re connected to our colleagues, friends and family at all times, it’s important for both businesses and consumers to remain aware of the security risks this brings, including: malware attacks, identity theft, phishing and ransomware”, said chief scientist and McAfee Fellow Raj Samani.
“Many people may need to use public Wi-Fi to stay connected both professionally and personally. However, by using an unsecured Wi-Fi connection, you may be creating an easy gateway for hackers to access your personal information and data. Be sure to use a virtual private network, which is extremely important for establishing a secured connection to work files and personal photos saved in the cloud”.
“We will also see many people who are used to the protection offered by a corporate/education network working remotely for the first time”, explained Kaspersky principal security researcher David Emm.
“This, coupled with opportunistic attacks from cybercriminals exploiting people’s fears over this virus outbreak could create a perfect storm for cybercriminal activity”.
If you’re concerned about cyber scams, you should check that all of your devices are protected with a reputable internet security product, including mobiles and tablets.
Update your apps and devices
A key way to avoid falling victim to scams is to remain one step ahead of the scammers. If you allow your software to get left in the dust, attackers can take advantage of unpatched security flaws and weaknesses to infect your devices.
“Update all of your software to the latest version and ensure you have applied any recent patches, making sure to also check browser plugins, antivirus software and mobile applications are all up to date”, said Attivo Networks’ chief deception officer, Carolyn Crandall.
“Attackers are well aware of the holes and will go after them if you leave them open”.
It isn’t just software you should keep up to date, either. If you don’t already change your passwords frequently, it is a good habit to get into, and one that will help keep hackers from accessing your device.
“They may attempt to use stolen passwords from prior breaches to break into your computer”, warned Crandall.
“If you use the same passwords for work and at home, this is a critical time to change them. As you do your updates, this would be an ideal time to change over to a password manager. Use unique, long passwords or passphrases over 15 characters, or take advantage of the password generator in a password manager. The longer a password, the harder it is for an attacker to crack it”.
It’s also good to make use of two-factor authentication where possible as this adds an additional layer of protection to your accounts and devices.
Look out for dodgy links
Your email inbox can be home to countless dangerous links and phishing scams, and your work account is no exception. In recent years, these messages have only gotten more convincing, with personal information and sign-offs appearing to come from close friends, family and colleagues.
It’s always important to practice caution if you want to avoid clicking on any potentially dodgy links, especially on a work computer or phone.
“Phishing email scams are looking more authentic as they continue to use more personal information gathered from public sources, so you should never assume it is safe to click on a link even if the email includes personal information like name, home address or job titles etc.”, said Thycotic chief security scientist, Joseph Carson.
“Before clicking, ask yourself: ‘Was this expected?’ and ‘Do I know the person who is sending this?’. On occasions, check in with the actual person on if they actually did send you an email before you aimlessly click on something which might be malware, ransomware, a remote access tool or a virus that could steal or access your data”.
Some attackers are even taking advantage of the coronavirus outbreak to get you clicking, according to cybersecurity firm Skurio.
“Marketers have stepped up their online advertising to target those with health concerns”, pointed out Skurio CEO Jeremy Hendy.
“Knowing this, phishers and scammers will use previously breached details to try to exploit these campaigns by imitating emails and tempting people to click on malicious links.
“Skurio has witnessed ‘click the link for voicemail’ type emails becoming a tactic of choice, as well as links to supposed sources of latest news and advice on the outbreak. Hundreds of domains have recently been registered and trying to spot fake from genuine is difficult, so only go to news sources you trust”.
“Always think twice before actioning any messages or emails regarding the pandemic which ask for any personal data”, said Samani.
“Never share your personal information and as a rule of thumb, always go directly to the source as opposed to clicking links or replying direct to messages”.
Don’t use personal devices for work
It might sound obvious, but avoid doing work on your personal phone and laptop. Aside from blurring the line between your work life and your home life, doing office work on your personal laptop could also compromise your work security.
“Home networks have fewer restrictions and security measures compared to corporate networks and if a company is not pushing all traffic over a VPN tunnel with outbound filtering, then exfiltration of credentials data could become a viable path of attack for those targeting people when they know they are sitting at home and not passing the corporate security perimeter”, said F-Secure principal security consultant, Tom Van de Wiele.
“For a work device, anyone’s home network should be considered untrusted, and workstations, e.g. laptops, smartphones that are on a home network should regard the network in the same way as a hotel, airport or city mall.
“Make sure you are not exposing any services or management interfaces on your home router or whatever services you are using. If you are not using corporate VPN, and you are a home user, you can avoid credential theft through phishing scams by blocking outbound services that you would not use over the internet. These include file/printer sharing services which are also used for authentication. Don’t click on links in emails unless you specifically asked for a certain email and always go to the website first and log-on there”.
Don’t use work devices for personal matters
In the same way that doing work on your personal devices is a bad idea, so is going about personal business on your work laptop.
“It’s going to be tempting to read the latest news, check personal email, and see how your friends and relatives are doing on social media”, said Varonis technical director, Matt Lock.
“But all this activity on a work device makes it more likely employees will fall prey to a cyberattack. If just one employee becomes infected and VPNs into the corporate network, they may unknowingly open the entire company up for exploitation”.
To sum it up in the wise words of F-Secure chief research officer, Mikko Hypponen: “Your work laptop is your work laptop. It’s meant to be used by you, not by your kids. When it’s not in use, it should be locked. Also, it’s not for games, or Netflix, or porn.”
What should I do if I spot a coronavirus related phishing scam?
The National Cyber Security Centre (NCSC) has launched a campaign in response to the large number of phishing scams capitalising on the recent coronavirus outbreak. The ‘Suspicious Email Reporting Service’ makes it easy to forward suspicious emails to the NCSC.
“The regular reporting of suspicious emails by users is incredibly important as they are the front line of defence against an increase in phishing attacks – especially when SEGs (Secure Email Gateways) miss them”, said David Mount, the European director of Cofense.
“Phishing emails are renowned for playing on our emotions and fears, but it is crucial to take a step back and consider the authenticity of any suspicious email. Just as we’re working together to contain the spread of the pandemic itself, we must do the same to ensure that scammers don’t hit their mark”.
You can forward any Covid-19 phishing scams by following the steps outlined on the NCSC website.