Home Office – E-Signature for mobile working30. March 2020
Install RMail – with just a few clicks installed in your home office9. April 2020
Phishing, whaling, CEO Fraud. All words that have appeared in other blog posts. But in the times of home office they take on a new meaning. Imagine that you receive an email from your boss asking you to transfer a large amount of money to a bank account. You can't go to your boss's office as usual and ask him to confirm the transfer, and you may uncover a cybercriminal who has just tried to get money from your company. If you want to know what can be done from home against fraudsters and their attacks, read on.
The current situation is just what cybercriminals are looking for. Most people work from home, are insecure about the situation and yet have a strong need for information. On this basis, attackers can use various methods to gain access to sensitive data.
Which methods do attackers use?
The phishing method involves sending emails to lots of recipients. A popular variant are messages from a putative support, Amazon or eBay. Allegedly there are problems with your user account, a link takes you to a page that looks very similar to the original website. There, the victims enter their login data for the service and the attackers get hold of them.
- Spear phishing
Spear phishing works in a similar way, except that the attack is planned on a specific person. With this method, more effort is put into it, for example, by trying to get information from a member of the finance department. This method is often used if the attackers have been commissioned by a government.
The aim is to reach the "big fish", i.e. usually employees who are highly positioned in the company. Personal information is collected via social media such as LinkedIn or Facebook in order to send personalized emails or websites to the victims.
- CEO Fraud
With this method, the attacker pretends to be the CEO. To do this, the attacker creates an email address that is similar to that of the CEO. Then the cybercriminal often contacts the human resources or finance department to obtain personal data or to receive a money transfer to his account.
More about phishing, spear phishing and whaling can be found here.
We have also published another blog post about CEO-Fraud.
How can you protect yourself from attacks?
- Do not connect your private devices to the employer's network. This makes it easier for cyber criminals to access the employer's servers from your device.
- Conversely, you should not do private things with your employer's computer, such as surfing the Internet. This makes you more vulnerable to accidentally installing malware from cyber criminals. They can then access the employer's servers.
- Beware of phishing mails! Especially at the moment the insecurity of the people can be used to spread false information and also false links. So, take a closer look at the sender of the email first
- Criminals can easily get information about you via social media and personalize the emails. Therefore, always check in general if you can trust the sender.
- Do not post or send photos or screenshots from online meetings. If the URL is visible there, strangers can enter the meetings.
- If you are unsure, contact your IT department. They can provide detailed information about internal security methods and give you specific tips.
Source: https://www.elektroniknet.de/markt-technik/messen-testen/so-schuetzen-sie-sich-im-homeoffice-174822.html (german only).
Frama RMail offers another way to protect yourself from such attacks. Apart from the fact that e-mails with sensitive data can be encrypted, documents signed or large files up to 1 GB can be sent without any problems, RMail has a protection against whaling mails. An algorithm checks the structure of the e-mail, and employees are warned of a possible attack via pop-ups. You can read more about the advantages of RMail here.
With our temporary home office initiative, you benefit from 500 free RMail messages per user. Join the initiative now or learn more here.