A warning for people working from home.
While you work from home, hackers are doing the same thing; targeting people who might be using their company laptop. It’s a nasty scam but is often successful.
“What they do is they look for bad situations to exploit. This virus (coronavirus) is a perfect opportunity,” says retired FBI Special Agent Scott Augenbaum. “Almost everybody is at home. Everybody is online and everybody is stress out right now, so that is a perfect recipe for disaster that the bad guys are going to take advantage of.”
Hackers use several tactics to trick employees
Hackers use several tactics to trick people who are working from home. They send malicious email and text messages that appear to come from a person’s employer, the Centers for Disease Control, or a municipality. The emails look legitimate and appear to come from a legitimate email address, but email addresses are easily spoofed.
Augenbaum says he’s seen that tactic being used for years, but when an employee is working remotely there’s an even greater chance they’ll click on an email that appears to come from their boss.
“I’ve seen numerous occasions when the finance person gets an email from a boss and it says ‘I need you to pay this invoice’,” says Augenbaum. “And what happens is the finance person pays the invoice.”
The invoice, which is fake, links to the bad guy’s bank account.
“There are no protections on the outside because it’s an internal email,” explains Augenbaum. “So besides thinking before we click, people who handle banking and transactions need to think before they act.”
When it comes to emails that appear to be from someone at the CDC, Augenbaum says you should visit the CDC website and verify if the information is there.
Augenbaum says when dealing with transactions and invoices it’s best to pick up the phone and call whoever is asking for one to be paid.
A recent scam used by hackers is sending emails that include a link to a fictitious coronavirus map such as the website from Johns Hopkins University. Instead of being taken to the legitimate website, the victim clicks and the link installs malware on their computer. You may not even know the malware is working until it is too late.
The official Johns Hopkins website can be found here: https://coronavirus.jhu.edu/map.html
Scott Augenbaum is the author of a book on cybersecurity that is available online: https://amzn.to/33Y3uKb