Watch out for the fraudsters
Is homeworking putting you at risk?
Businesses have less control over homeworkers’ online activity, and the boundaries between work and home are particularly blurred during the current lockdown conditions. Employees are understandably preoccupied and may be less vigilant than usual. They will also be keeping a close eye on the news and social media, increasing exposure to potentially unreliable websites.
Tip. This may be the last thing your staff are expecting to deal with, so alert them to the scams doing the rounds, and the action they should take to protect company data and funds.
Tactics
The scammers employ the usual range of tactics, exploiting the concerns of individuals and businesses. New and increasingly sophisticated ploys are emerging every day; those noted so far include:
- selling bogus or non-existent products online, such as hand sanitiser and self-testing kits
- lender loan fraud, where the victim replies to an ad offering a quick turnaround loan, pays an “arrangement fee” and never hears from the bogus loan company again
- credential-stealing, for example by getting victims to sign up for updates on the coronavirus or donate to a non-existent charity; and
- malware that encrypts devices and blocks access to or steals data. The fraudsters then demand a ransom or use or sell on the confidential information. Malware has been found masquerading as applications for monitoring the spread of the virus, e.g. Covidlock, and attached to phishing emails, e.g. BlackWater.
Awareness
Provide your staff with clear instructions on how to avoid the cons and what to do if they believe they have been targeted. Consider sending an email to all homeworkers, reminding them:
- to use company IT equipment and resources for work, if provided. These should have suitable anti-virus and verified software installed
- if they are using their own equipment, to install suitable anti-virus software
- not to open any suspicious communication, whether professional or personal
- to check the sender and the subject of any communication before downloading any files attached or links within the body of the text
- if staff have any doubts about an email, to delete it without opening it
- to be particularly alert to communications about coronavirus, even if they purport to come from a government source. Some reported scams claim to come from official organisations, such as the World Health Organisation and HMRC.
Tip. Encourage staff to report any suspicious activity to IT support, if you have it, giving them a named contact who can provide advice and technical help. This person should report cyber fraud to Action Fraud (see The next step ).
For a link to Action Fraud, visit http://tipsandadvice-business.co.uk/download (CD 21.14.06).