Tools

Cyber scams are estimated to be a $6 Trillion a year problem and will be over $10 Trillion by 2025, according to cybersecurity ventures.

After conducting a short survey of 4,000 people via CyberSafe, we found over 95% of the audience said they had received either a text, email or phone scam attempt in the last 12 months. Yesterday I received a robot phone call from the “government” saying I owed them $1200. This was the motivation behind writing this article.

In this article, we’ll cover What are scams & how do we avoid them?

Online Scams are:

“a fraudulent invitation, request, notification or offer, designed to obtain someone’s personal information or money or otherwise obtain a financial benefit by deceptive means.”

 

Scams involve fake websites that suggest users click on a link. They often involve money orders or credit cards and identity theft but are the most common scams so we can know what to look out for?

The 3 Most Common Online Scams

Phishing is the name given to scams that focus on getting your personal details, with the end goal of being able to impersonate you online, usually to make money. The less personal information you share online publicly, the more you are protected from these sorts of scams, as they often rely on piecing together enough information to seem genuine. Phishing usually comes in the form of Calls, Texts or Emails.

Text Phishing

Have you ever received a text message that says something like, “Congratulations! you just won $1 million dollars!”?. According to Phishing activity trends, these types of texts have doubled in the last year alone, and nearly 95% of people who own a phone have received a message like this.

What to do?

The best thing you can do when receiving these messages is not replying. If you do reply, your details go onto a secondary data list which will continue to text and sell your details to other hackers. When you text back, whether you like it or not, you’re giving the hackers more information and ammo to use against you, like your phone number, name and showing gullible behaviour.

Email Phishing

Email scams have been the most popular way to gain access to another person’s computer. A link to a website can automatically download malware or suggests a “security check” by typing numbers that actually give remote access to a scammer.

How to spot a scam email

1. Scam emails often have spelling or grammatical errors. This is by design to find and secure oblivious and gullible email recipients.
2. Scam emails often provide clickable links with prompts for the recipients to click on and interact with, like the one mentioned above.

How to counter scam emails

1. Disable all email notifications from all social media sites: this way, you’ll be able to identify any future social media related emails as hacks
2. Only check notifications from the official social media apps themselves
3. If you do receive an email with a link attached, hover over it to make sure the website is spelt correctly. If in doubt, copy and paste the link into Google to double-check.

Scam Calls

If you have owned a phone for more than six months, chances are you have received a scam call. Scammers will try to claim to be apart from the government or debt collectors. They urgently need to contact you about tax or bills which, if not paid, will land you in deep trouble. They try to create urgency and fear. By invoking emotion, a lot of us don’t think clearly.

My own PA, who now works at cyber safe, scammed thousands of dollars years before working with me. She received a call saying her tax bill was never paid. They asked her for his email & sent a very real looking invoice – which she paid.

And it’s not just individuals. Banks and even governments get scammed on a regular basis. According to Market Watch, 1/10 Americans are scammed per year.

How to Spot a Scam call

1. Calls often come from unknown numbers.
2. When you pick it up, the dial tone often takes 5 seconds for the caller to start speaking. This is their operating system transferring the pick up to an available scam-caller within their organisation.
3. Often English as a second language.
4. They often start by asking you to identify yourself as they usually do not have information about you.

How to counter scam calls

1.    Make sure to ask upfront what the call is in regards to and what department/organisation they are from.

2.    Search the organisation online while on the call and match the incoming phone to what is listed on the actual website. If it is a real and trustworthy organisation, proceed to contact them with the number listed on their website (not the number that was given to you from the original callers).

3.    Confirm the identity of your original caller and whether or not the claims made about you are legitimate.

Online scams are not going away and are predicted to double over the next five years. They continue because they make money. The best thing we can all do is understand the size & popularity of these types of scams and know the basics of how to both protect our online reputation and keep safe online. 

Photo by JESHOOTS.COM on Unsplash

It doesn’t have to be difficult to address remote work security as an employee, team leader, or manager. Often, it’s only a matter of understanding the basics of how data transfer works and how your home electronics are actively keeping you safe.

With a few key tips from VirtualPBX, a leader in business communications that takes its customers’ digital security seriously, you can stay safe at home throughout your work day, and your company will be better off for taking the time to address this important aspect of remote work.

Use Strong Passwords

The biggest improvement you can make to your remote work security is by using strong passwords.

You have a lot of power here because you can pick almost any password you want for your digital identity on sites like Slack, your company Facebook, or your Google Docs. Sure, it can be funny to read through the most common passwords of 2020, but we hope you aren’t expecting “12345” or “qwertyuiop” to keep anyone malicious out of your accounts.

Creating a Password

Strong passwords aren’t difficult to create. Moreover, they’re not difficult to remember if you follow smart guidelines. Google recommends creating passwords of at least 12 characters and using phrases that you can easily remember. Maybe you have song lyrics that are important to you (“therainfloweddownacrosshiseyelids”) or there’s a secret video game code combination you recall (“updownleftuptricirclesquare”).

You can insert symbols, numbers, and capital letters in your passwords to give them greater strength, such as changing that second password to (“updownleftup3CircleSquare”).

Strength Through Entropy

What you’re aiming for is strength through entropy, which means you are looking for randomness by sourcing your passwords’ characters from large sets of data. The set of 26 lower-case characters (a-z) is distinct from the 26 upper-case characters (A-Z), and then another set of 10 characters comes into play when you use numbers (0-9). All told, the use of 26+26+10 characters gives you 62 pieces of information to draw from rather than only 26 or 10 from any of those sets alone.

Entropy is what keeps computers from being able to brute force attack your passwords. The reason that “12345” is a terrible password is, in part, because it’s short and its entropy is low. You want your entropy to be high by using long passphrases and multiple sets of characters.

Defend Against Dictionary Attacks

The other reason that “12345” is a bad password is because it’s common. So-called dictionary attacks are basically lists of known passwords that computers can use to easily test passwords. If your password is in the dictionary, there’s no need for the computer to brute force its way through your character combinations.

You can easily keep your remote work security high here by using phrases that are meaningful to you but not easily recognizable to anyone else. Think about unique events that are a part of your life, such as an important bit of advice a friend once told you or a joke you heard at a comedy show. Any phrase that’s unlikely to be printed somewhere else can make for a great password.

Trust in Your Home Router

You recognize the pieces of equipment that attach to the cable or DSL line for your internet. Right? One of those boxes is your router, and more often than not, it is set to keep you protected from digital intrusion.

Your remote work security may depend on that small box more than you realize. The protections inside there begin with a built-in firewall that will reject all incoming connections unless you specifically allow them.

Unless you’re excited about playing online games with your friends or you enjoy messing with your internet configuration files, it’s unlikely you have seen the dashboard for your router’s settings. You can use your web browser to visit a special website like “192.168.1.1” that gets you into that dashboard, and within the settings you can see sections for your firewall, port forwarding and the DMZ, your DeMilitarized Zone.

Typically, your router blocks all inbound connections by default, so if you have never changed these settings, then you have nothing to worry about. You can trust that a new router will keep you protected. If you’re unsure, though, speak to an IT professional at your company who can help you reset your configuration or make any changes that are necessary.

Use Your Company VPN

One way that many companies are helping their employees improve remote work security is by using a virtual private network (VPN).

More or less, VPNs are secure tunnels where digital information can travel safely between two points. You can use a VPN to connect to a company database, for example, so you know that your connection to that location is safe from anyone who might want to look at that data.

Unlike passwords, which are largely under your control, and router settings, which you can trust to be robust, using a VPN might require that you speak to an IT professional at your company. You will likely have an application you can download to your computer and phone that will send all your internet traffic through the VPN first.

For your part, you can open the app, enter your username and password (which should be strong!), and proceed with your work day. Then it’s your responsibility to make sure you connect to the VPN at the start of your shift and turn it off when you have completed.

It’s not necessary to send your personal website traffic (email, Netflix, gaming) through the VPN, and in fact it might be disallowed. And you might be unable to connect to work-related digital information without having used the VPN to reach it. Your security here depends on using the VPN reliably and keeping your password strong so you are the only person able to connect to the service.

A Little Effort, A Little Trust

With a little bit of effort, you can create passwords that are strong enough for any personal or corporate environment. Your home router is likely built to help you along the way. And with only a few minutes of instruction, you can make sure all your online workplace activities stay safe through the tunnel of a company VPN.

This advice should be well-known to the security professionals at your business. Be sure to follow the guidelines listed here, and for any further questions or more complex situations, speak to your IT department for an individualized take on remote work security and the things you can do to protect your online identity while working outside the office.

_{Photo by Simon Abrams on Unsplash}