This article is sponsored by Telstra.
It’s no secret that scams cost Australians hundreds of millions of dollars every year. With the COVID-19 pandemic forcing a huge number of people to work from home for the foreseeable future, vicious new scams targeting this new way of working have bubbled to the surface, many exploiting poor cyber security.
The first half of 2020 has seen cyber crimes nab more than $52 million from Aussies, with that number expected to climb as the year continues. While COVID-19 has presented these criminals with more opportunities to cash in on the chaos, the methods they use are very similar to those used pre-pandemic.
Whether you own a business or are an individual working within one, knowing how to identify and help defend against cyber attacks is an important skill to have, particularly for small to medium-sized businesses (SMBs) which are often overconfident in the protection they have.
In fact, according to the Telstra Business Intelligence Report 2020 provided to Gizmodo Australia, 27% of SMB respondents (38% for smaller businesses in this category) said they have no security practices in place at all, while 48% manage their cybersecurity totally in-house.
Furthermore, 63% of business owner respondents agree or strongly agree that their employees fully understand cyber threats and how to keep customer data secure, yet only 49% of the people surveyed are actually confident in these areas. With a knowledge gap that large, it’s important that staff are properly trained in cybersecurity or that a comprehensive protection service is implemented.
Here are three common types of scams and how to protect yourself and your company from them.
As the name suggests, false billing involves sending convincingly fake invoices, either to coax recipients into blindly paying them or simply to obtain sensitive information. The sender could be inviting your business to be listed on a registry that doesn't exist, chasing payment for items that were never actually ordered or asking you to renew a domain name, to list a few.
These scams generally rely on admin staff blindly paying invoices, which is why the person sending them will attempt to emulate invoices your business may receive often. Luckily, these emails often carry tell-tale signs that give them away as fakes. That is why education is so important, particularly for those businesses that choose to handle their own cybersecurity.
Fake invoices will usually come from a slightly different email address than they normally would, look low in quality and may ask you to click on various links or download attachments that contain malware. To help combat this type of scam, businesses should try to limit the number of authorised bill payers and buyers, keeping it to people who can pick up on the subtleties of fake invoices. Goods and services should also be reconciled with invoices to ensure they were actually ordered.
When a business is hit by something like this, they're often hit hard. Of the respondents that experienced an attack in Telstra's report, 52% of them took several days or longer to resolve the incident and regain control, while 32% of them experienced a direct financial impact.
With this in mind, it's imperative that businesses have a post-breach plan in place in the event of an attack to help them get back on their feet fast. Telstra offers this as part of the suite of services that come with Business Cyber Security Services, which should be strongly considered by the one in four businesses that, the telco revealed, do not have any plan in place.
As of July 1, 2020, this also includes Endpoint Protection (EPP), providing an added layer of protection for mobile devices and laptops. While EPP and Telstra Internet Protection (TIP) work together to help provide multiple layers of protection, there are key differences.
TIP focuses on helping to filter out malicious items from web and mail traffic, while EPP covers device-specific security across Windows and Apple PCs, notebooks, tablets and mobile phones. It also features encryption, password management, malware protection and firewalls. In other words, when combined with TIP, EPP helps turn your digital infrastructure into a fortress and helps you maintain it.
Malware and ransomware
Malicious software, or malware, can track things like files and even the keys you type once it's installed on a computer, which can expose sensitive client information or passwords for important accounts. Ransomware, on the other hand, can completely lock your files and demand a sum of money be paid to have them unlocked.
The best example of this is the WannaCry virus, which infected more than 140,000 Aussie businesses in 2018, costing them thousands to access their own files.
Scarily, malware often tricks users into installing it themselves, usually via a dodgy link or email attachment. These lures aren't limited to emails, either: random social media messages and pirated music, games or movie files are often used as vectors for both malware and ransomware.
“Many email-based ransomware scams use fake bills as attachments to infect your computer,” Scamwatch says. “If you receive an unexpected bill from a utility provider, do not open the attachment.”
The best course of action is to delete links and attachments sent to you by someone you don't know or flag them as spam, especially if the file extension is ".exe". Businesses should be extra vigilant with antivirus software and ensure that it is always up to date to help catch anything that happens to fall through the cracks.
Again, Telstra's Business Cyber Security Services can assist you with all of this, with EPP helping keep guard of both your web and email services against these threats and more. On top of 24/7 support, the package also includes four assessments per year to understand your unique cyber environment and provide reports and recommendations to help minimise downtime or help avoid breaches of personal information, which can incur hefty fines should they occur.
Some scammers will be capitalising on remote workers, using crude forms of identity theft to achieve their goals.
For example, you may get an email from someone claiming to be your boss or the CEO of your company requesting you carry out a task for them. The email address may closely resemble the actual email address of that person or be completely different, with the body of the email offering a vague excuse for the latter.
Often, the requests are so outlandish and poorly worded that they can be identified as fraud immediately, such as asking you to take company money and deposit it into an account via a bitcoin ATM. If it sounds like a strange request, it probably is, but if you're ever unsure, be sure to check in with that person via another platform or even better, a phone call.
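The tell-tale signs described above for fake invoices and impersonation emails (a sender address that closely resembles a known one, and an ".exe" attachment) can be checked automatically before a message reaches whoever pays the bills. The sketch below is an added example, not part of the original article or of any Telstra product; the trusted domain list, the extra extensions and the sample message are assumptions constructed for illustration.

```python
import email
from email.utils import parseaddr

# Assumption: the business keeps a list of domains it normally gets mail from.
TRUSTED_DOMAINS = {"supplier.example", "corp.example"}
# Only ".exe" is named in the article; the other extensions are added assumptions.
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs")

# Constructed sample message (not real mail): note "supp1ier" with a digit 1.
SAMPLE = """From: Accounts <accounts@supp1ier.example>
Subject: Overdue invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please pay the attached invoice today.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

(constructed placeholder, no real content)
--b1--
"""

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_message(raw):
    """Return a list of warnings for one raw email message."""
    msg = email.message_from_string(raw)
    warnings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        # A near miss of a trusted domain is more suspicious than a stranger.
        near = sorted(t for t in TRUSTED_DOMAINS if edit_distance(domain, t) <= 2)
        kind = f"lookalike of {near[0]}" if near else "unknown"
        warnings.append(f"{kind} sender domain: {domain}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append(f"risky attachment: {name}")
    return warnings
```

A message that raises any warning should still be confirmed with the sender through another channel, as the article advises.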
Cybersecurity is an ever-evolving issue, but to help protect your business from cyber security threats like these, you can learn more about Telstra’s business protection here.