Cybercriminals target employees working from home
As COVID-19 sees more Canadians working from home, cybersecurity experts are warning those who do to beware.
Cyber threats are spiking as online criminals try to take advantage of remote workforces. It’s gone beyond a public health and economic crisis.
“We are hearing from many clients and law enforcement that the level of cyber-attacks, phishing attempts and scams occurring in light of COVID-19 has grown dramatically,” said Miriam Wugmeister, partner and co-chair of law firm Morrison & Foerster’s global privacy and data security group, told CNBC recently. “The bad guys know that every IT department and every cybersecurity group is currently overwhelmed and stretched.”
Cybercriminals are posing as officials from the World Health Organization and other medical experts sending documents that contain links to malware. Also, there are many fake sellers of COVID-19 tests and masks looking to take your money too.
Proofpoint executive vice-president Ryan Kalember says the criminal groups, which he calls threat actors, know people have a lot on their minds right now and may have let their guard down.
“And people click on things,” Kalember said in a Canadian Underwriter report. “Everyone is looking for information and updates … to be communicated by the executives of their own company.”
Proofpoint, a California-based firm, said there are two groups of criminals targeting Canada with fake emails that pretend to provide updated information about the virus.
One example they’ve collected pretends to be from the Public Health Agency of Canada but it refers to a real official from another organization and has a fake email address.
David Masson, Ottawa-based director of threat intelligence for Darktrace, said employees are more vulnerable to cyber tricks “when they’re out and about” and not physically in the office.
“Right now, we’re seeing an explosion of hundreds of thousands, if not millions, of people suddenly working from home for the first time,” Masson said in the Canadian Underwriter report.
“That’s an issue because it’s easier for them to be exploited, Masson said.
A spokesman for eSentire – an Ontario-based private company that manages threat detection and response for organizations in several countries – says criminals “can prosper and grow in chaos.”
The criminals know some organizations weren’t prepared for the impact of COVID-19 and are now playing emergency catch-up, says eSentire vice-president Mark Sangster.
“And those are the times to strike,” Sangster said.
But there are some precautions workers at home can take. Here are some tips:
- Make sure you’re using a Virtual Private Network (VPN)
- Be sure your home network is password protected and your router is encrypted
- Use two-factor authentication to access personal email accounts
- Don’t share or store company documents on your computer or personal email accounts
- Be aware of phishing scams - don’t click on suspicious links or documents
- Don’t share information gathered from friends, social media or suspicious emails with attachments
Scammers and cybercriminals have also raised the ire of Canadian politicians. On March 23, Alberta Premier Jason Kenney did not mince words when he spoke of scammers posing as Alberta Health Service and other organizations trying to defraud people during the pandemic.
"Let me just say to those who are trying to exploit seniors and others during this time of a public health emergency, there must be a special place in hell for people like that," a furious Kenney said. "Just stop it. It's completely un-Canadian and un-Albertan and it is unacceptable.
“It is illegal and if we catch anybody who is engaged in these kinds of frauds or scams, I guarantee you, the book will be thrown at them and they will face the full force of the law."
RELATED READING: Five security threats companies face as workers go remote