Phishing, whaling and CEO fraud are terms that have appeared in previous blog posts, but in the days of the home office they are taking on new meanings. When your boss asks you to transfer a large amount of money to a specific bank account, you can't simply walk into his office from home and ask for confirmation. Read on if you want to know how you can still protect yourself from cybercriminal attacks.
The current situation is just what cybercriminals are looking for. Most people work from home, feel uncertain about the situation and yet have a strong need for information. On this basis, attackers can use various methods to gain access to sensitive data.
Which methods do attackers use?
The phishing method involves sending emails to a large number of recipients. A popular variant is a message that claims to come from a support team, Amazon or eBay. It alleges that there are problems with your user account, and a link takes you to a page that looks very similar to the original website. There, the victims enter their login data for the service and the attackers get hold of it.
Spear phishing works in a similar way, except that the attack is aimed at a specific person. More effort goes into this method, for example in trying to get information from a member of the finance department. This method is often used if the attackers have been commissioned by a government.
Whaling aims to reach the "big fish", i.e. usually employees who hold a high position in the company. Personal information is collected via social media such as LinkedIn or Facebook in order to send personalized emails or websites to the victims.
In CEO fraud, the attacker pretends to be the CEO. To do this, the attacker creates an email address that is similar to that of the CEO. The cybercriminal then often contacts the human resources or finance department to obtain personal data or to have money transferred to his account.
More about phishing, spear phishing and whaling can be found here.
We have also published another blog post about CEO-Fraud.
How can you protect yourself from attacks?
Do not connect your private devices to the employer's network. Doing so makes it easier for cyber criminals to access the employer's servers from your device.
Conversely, you should not use your employer's computer for private activities such as surfing the Internet. This makes you more vulnerable to accidentally installing malware from cyber criminals, who can then access the employer's servers.
Beware of phishing mails! Especially at the moment, people's uncertainty can be exploited to spread false information and false links. So take a closer look at the sender of the email first.
Criminals can easily get information about you via social media and personalize the emails. Therefore, always check whether you can trust the sender.
Do not post or send photos or screenshots from online meetings. If the URL is visible there, strangers can enter the meetings.
If you are unsure, contact your IT department. They can provide detailed information about internal security methods and give you specific tips.
Source: https://www.elektroniknet.de/markt-technik/messen-testen/so-schuetzen-sie-sich-im-homeoffice-174822.html (German only).
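The sender check recommended above can also be automated on the mail gateway. The following is an added example, not code from Frama, RMail or the cited source: it flags a From header whose domain is a near miss of the company domain, or which carries an executive's display name on an address that is not theirs. The company domain, the executive entry and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions, not from the article).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"anna.keller@example.com": "Anna Keller"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list:
    """Return warnings for one From header value; an empty list means no finding."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["no valid sender address"]
    domain = addr.rpartition("@")[2]
    warnings = []
    # A domain one or two edits away from the company domain, e.g. "examp1e.com".
    if domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        warnings.append("look-alike domain")
    # A known executive's display name on an address that is not theirs.
    for exec_addr, exec_name in EXECUTIVES.items():
        if name.strip().lower() == exec_name.lower() and addr != exec_addr:
            warnings.append("executive name with unknown address")
    return warnings


if __name__ == "__main__":
    for header in (  # constructed From headers
        "Anna Keller <anna.keller@example.com>",
        "Anna Keller <anna.keller@examp1e.com>",
        "Anna Keller <ceo.private@mailbox.test>",
        "Undisclosed sender",
    ):
        print(header, "->", check_sender(header) or "ok")
```

A finding from this check is a reason to confirm the request through a second channel, not proof of fraud; a clean result does not prove the message is genuine either.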
Frama RMail offers another way to protect yourself from such attacks. In addition to encrypting e-mails with sensitive data, signing documents and sending large files of up to 1 GB without any problems, RMail has a protection against whaling mails. An algorithm checks the structure of the e-mail, and employees are warned of a possible attack via pop-ups. You can read more about the advantages of RMail here.
With our temporary home office initiative, you benefit from a fair use policy of free RMail messages. For more information contact our local sales team. Join the initiative now or learn more here.