Social Hacking Tactics During the Coronavirus
In a time when businesses and individuals are stepping up and helping their neighbors, the true nature of a hacker really shines through. Right now, businesses are offering sick-leave, donating medical supplies, and some are even opening their doors as supplemental hospitals. Professionals are either risking their lives to help others or are dutifully working from home to help contain the virus spread.
And in the midst of all of this, hackers have upped their game to prey on the countless people in uncertain and frightening situations. It’s not just that remote work is a data-security risk. It’s not just that people are more susceptible to hacking when they’re stressed. Social hackers are targeting those affected by the pandemic in order to lure them into harmful actions, exposure, or malware.
Today, we’re spotlighting these callous acts of online manipulation to help the business world protect itself and staff from this predatory behavior.
Playing on Fears
The first thing that social hacking targeted was the fears of those in affected areas. As people began to perform searches relating to coronavirus safety and methods or products to keep them safe, the hackers moved in. Not only did they lay inbound traps littered with malware and malicious ads, but they also sent out email blasters pretending to be local services or brands providing useful information.
People who were just looking for answers were roped in. Sometimes, they were not only targeted for fleecing but also carelessly give dangerous misinformation about coronavirus safety, like the ‘cover yourself in bleach’ myth.
Malicious Work-at-Home Software and Apps
On one hand, it’s incredible how professionals, developers, and mobile devices have come together in work-at-home rally to keep the industry alive. On the other hand, now everyone is scrambling to download new software and apps to make this remote work happen. That opens up nearly every business and team to hacker machinations.
False deals and downloads for collaboration software can earn a hacker hundreds, maybe thousands of infected devices. Workforce mobility is going at such a break-neck speed that few people are stopping to do the usual security checks before they download. Hackers are taking advantage of this wherever they can.
Offering Fake Emergency Services
Another shady coronavirus social hack is faking emergency services. Many people are reaching out for help with shopping, deliveries, medical advice, and medical assistance during this global pandemic. Some hackers have gone so far as to phish and redirect people who are looking for real help with fake emergency services.
If payment is asked for, they will often request remote electronic payment (another new necessity of COVID life) and then simply not deliver services. When the order or service never arrives, there is no one to complain to and victims are often targeted further with their payment and identity information stolen in the process. These are people who need help and are being stolen from because of this.
Misrepresenting Local Relief Efforts
One phishing method is to pose as local organizations and relief efforts. Local councils, services, non-profit organizations or health facilities often send out newsletters and share contact information for families staying safe and monitoring each other at home. This creates a ripe phishing pool for hackers who want to send out newsletters and trick victims into sharing information or clicking malicious links.
Hackers pose as groups offering advice, resources, and even learning material from local schools, taking advantage of every family’s current need for outside assistance and information.
Work-at-Home Data Exposure
In this same set of COVID-related hacking techniques is the more technical approach of attacking data when it is exposed. Right now, more data than ever before is exposed and traveling through wireless internet connections. The stay-at-home order has forced every business to suddenly open their servers and help professionals connect from home. But this means that the usual years of secure channel creation needed for mobile-workforce transformation are being skipped.
Hackers at this moment have a great opportunity to access unencrypted and carelessly shared data by the boatload. Infected devices, social hacking, and reading the data en-route are all possible methods to take advantage of work-at-home data exposure.
Work-at-Home Disruption Phishing
However, work-at-home has introduced another type of cybersecurity risk as well: phishing opportunities opened up by workflow disruption. A team that has always worked inside the company network with internal email and messaging might might never be phished with a false coworker or boss identity. But right now, it would be far less suspicious to get messages from people you know via new channels. A text from your coworker while coordinating a video-call or an email from your boss’ personal account are not as suspicious now as they normally would be.
Hackers, at this moment, can take advantage of the reorganization scramble that is creating gaps in otherwise secure communication chains. Warn your staff to watch out and double-confirm any potentially dangerous requests.
Protecting Your Team From Predatory Coronavirus Hackers
Understanding the potential for social hacking during this great remote-work transition is an important part of building your defenses. Talk to your team about the many ways it is, unfortunately, possible to be phished right now. Establish multi-point confirmation where every unusual, risky, or sensitive-data request must be double-confirmed through two channels of communication.
Help your team to clean their devices and to only install secured, encrypted, and IT-approved remote work software. Get everyone familiar with new security procedures that may be necessary and talk about the methods of defense against hackers while everyone builds their new remote workflow.
Most importantly, get the word out about social hacks outside the workplace, The most likely way for a team member’s phone or laptop to be hacked is when handling personal matters. Make sure your team knows how to protect themselves from outreach scams, misinformation, and false online services.
As for your business data security during this hacking bonanza, that approach is best handled with expertise and strategy. Work with your IT team or an outsourced (remote-experienced) IT team to guide you through going mobile with your workforce. With their help, your team can select only secure, trustworthy software, connect through encryption-protected channels, and know a social hacking attempt when they see one. Contact us today for more information or for help building your remote data security plan.