28 Mar Hacked Again: COVID-19 Goes Phishing, Remote Workers Fight Back
“Oh no, cybercriminals are gonna have a field day” Listen to the Podcast
– Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Mar. 28, 2020
Schober’s first book chronicles his own small business, a victim of cybercrime, which years ago had its online checking account hacked for thousands of dollars — and then it was hacked again after switching banks.
We asked Schober what his first thought was when he learned that millions of U.S. employees were going to wake up for work in their pajamas this week, the kitchen table suddenly their new office desk. “Oh no, cybercriminals are gonna have a field day,” he replied.
What immediately came to Schober’s mind were a number of major breaches that occurred years ago, affecting millions of employees and consumers. He rifled them off to us including the 2013 Target hack, a direct result of remote workers being lax on security. Then there was the JPMorgan Chase breach that compromised 76 million user accounts and 7 million small businesses — due to a focused spear-phishing attack on a remote user.
Shober recounts his own first day working from home, when a family member asked for his Zoom login ID and password. “Whoa, I’m not going to share that with anyone,” he thought.
The way Schober sees it, too large a percentage of the home user workforce is either clueless or careless (and oftentimes both) — which makes them sitting ducks for cybercriminals. Why? To say that people gravitate to convenience over security would be an understatement.
“Passwords, passwords, passwords,” says Schober. “That’s what the hackers are after.”
Far too many remote workers don’t have two-factor authentication (2FA) turned on in their email and apps, either because they’re too lazy or they don’t know what it is. The technical jargon doesn’t help. But 2FA is one of the easiest and most effective ways for users to protect their data and identities.
If a home worker has a weak Wi-Fi signal, then they’ll hop on to their neighbor’s account, according to Schober. Or maybe a family member using the same laptop will. Then hackers can place malware on the computer, and begin to access personal credentials.
Social media is a cybercriminal’s delight. They can easily search and find login credentials and other personally identifiable information there. Schober believes that people are way too social on social media. It’s too easy to put the pieces of the puzzle together by culling someone’s birth date, mother’s maiden name, and more from Facebook and other accounts.
There’s been a surge of sneaky phishing emails targeting users around the COVID-19 outbreak.
“Cybercriminals pivot and change their methods within minutes,” says Schober. A Netflix scam offers free access to anyone that wants it. All someone has to do is fill out an online survey. People are distracted thinking it’s so nice of Netflix to do this in a time of need, but it’s game over in a few minutes.
IT workers will squirm when they read this, because they know it’s true.
Schober’s latest book, “Cybersecurity Is Everybody’s Business,” can be thought of as a safe computing survival guide for home workers and small business owners.
The premise of the book is that we all need to take personal accountability for our cybersecurity. In the age of the Corona pandemic, this is truer than ever.
In order to stay safe from phishing attacks, malware spying, ransomware, identity theft, major breaches and hackers who would compromise our security, we need to start by assessing what we know — and more importantly what we don’t know — about cybercrime and cybersecurity.
Schober provides free copies of the Cybersecurity Pop Quiz (secure .PDF from Cybercrime Magazine, no registration required), an excerpt from his book, to anyone that wants a copy.
Knowledge is power in the war against cybercrime. Listen to the podcast interview with Schober, take the quiz, and bone up on cybersecurity. You can’t afford not to.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.