Protection against phishing when working from home—seven tips

When working from home, employees are exposed to increased stress and are therefore more susceptible to phishing emails. But simple measures can reduce the risk considerably.

Phishing is nothing new. Cybercriminals have been using this method for a good quarter of a century, and it is still effective. After all, the weak point always remains the same. Whether it’s email (phishing), SMS (smishing), telephone (vishing) or social media—the route always leads to sensitive data about people. Employees who, due to the pandemic, sometimes hastily shifted their work to the home office, are the ideal target—especially when it comes to attacks that are tailor-made to current issues and concerns.

The Sophos Phishing Insights Report 2021 indicates that global phishing attacks on companies increased by 70 percent. Moreover, according to a current study by G DATA, brand eins and Statista, phishing emails cause significantly more damage when working from home than in the private environment or in the office. When working from home, access data or personal data was stolen in one fifth of the attacks. In the office, this was the case only 14.6 percent of the time.

According to the eco IT security study 2021, ransomware (blackmail trojans) has posed the greatest threat for years. Criminals often use social engineering to distribute manipulated PDF, ZIP or Office files, as well as hidden executable programs, as email attachments. Once such a file is opened, the files on the hard drive are encrypted or the compromised system is locked, with the aim of demanding a ransom from the victim for recovery.

A seemingly harmless email can turn out to be a million-dollar ransomware attack. The 7 tips from the eco Association of the Internet Industry show how employees can protect themselves against this:

  1. Always be aware that cyber criminals could try to gain access to corporate networks at any time with your help. Take regular training courses.
  2. If you are unsure whether you may have been the victim of a phishing attack, report this to the IT manager immediately. Also, let them know if you have passed on critical information over the phone.
  3. Never share personal data such as passwords, credit card or transaction numbers via email, messenger service, social media or on the phone. It sounds obvious, but when working from home you are easier to manipulate and deceive.
  4. In general, avoid clicking on links in emails that lead to log-in pages. Instead, it is better to save addresses for frequently visited log-in pages in the browser’s favorites list or to visit the mentioned page via the start page of the organization concerned.
  5. Never click on links received via SMS. With these, it is particularly easy to forge the sender. Smishing (SMS phishing) is an attack method in which a text message invites you to follow a link or call a number. Instead, visit the sender’s page directly in the browser.
  6. Never start a download directly from a link in an email if you are not 100 percent sure. Instead, always start downloads directly from the provider website whenever possible.
  7. Before opening files attached to an email, make sure that the message actually comes from a trustworthy sender. If in doubt, contact the sender by phone.