How the abrupt shift to remote work could start a wave of account takeover fraud

Lockdowns and stay-at-home orders around the world have forced businesses to rapidly move to remote work arrangements for safety. Now we’re seeing a wave of attacks by cybercriminals breaking into video conferences, hijacking employees’ devices and phishing for login credentials.

All of these attacks can disrupt business operations, but the account takeover attempts may be the most troubling. A phishing email that leads to the takeover of even one account can fuel data breaches, espionage, identity theft, ransom attacks, and e-commerce and financial fraud.

Verizon’s 2019 Data Breach Investigations Report found that 32% of all reported breaches involved phishing and 29% involved stolen credentials. The collaboration apps many companies use now, and the sheer number of employees suddenly working from home, give organized criminals a variety of ways to steal credentials and data.

Companies quickly adopted apps—and security issues

The sudden move to remote work led to a boom in the use of popular collaboration apps like Zoom, Microsoft Teams, Google Meet and Slack. That boom has been followed by a surge in reported security issues.

For example, a security researcher found that Zoom’s Windows client had a vulnerability that allowed attackers to swipe users’ Windows credentials and launch programs on their computers. Zoom has fixed the flaw, but it’s not the only issue out there.

A subdomain vulnerability in Microsoft Teams would have allowed someone with company access to scrape data from one Teams user account and leverage it to take over all an organization’s Teams accounts. How? By posting a malicious GIF in Teams. The bug is fixed, but criminals will keep targeting these apps as long as they can find ways to break in. And that’s not the only approach they’re using.

At-home workers are vulnerable to phishing scams

At-home employees present an almost ideal phishing target. They’re working in an unfamiliar way. They don’t have their on-site support team to ask questions. They’re learning new remote-working tools very quickly. And they’re doing it all in the midst of a pandemic—many with children, pets, and adult family members or housemates competing for their attention while they work.

It’s not surprising that scammers are going after them with work-related phishing attempts. Scams related to remote conferencing tools seem especially popular. Attackers have been sending fake Zoom notifications that tell recipients they missed a meeting—a surefire way to rattle the victims’ nerves and get them to enter their Microsoft credentials on a fake login site before they think too much about it. A similar scheme targeted thousands of Microsoft Teams users to try to steal their 365 login credentials. And those are just two examples from the first two weeks in May.

And while it’s up to software vendors to identify and fix vulnerabilities in their products, businesses and at-home workers have a role to play in fighting ATO, too. It’s up to businesses to ensure that the settings on the apps they use are configured properly to keep random people out. Businesses also need to stay on top of security news about the apps they’re using.

Besides vulnerable communication channels and networks, a big factor in the rise of ATO is that most of us make it too easy. A 2019 Google/Harris Poll online security survey found that 52% of respondents use the same password for some of their accounts. Thirteen percent use the same password for every account they have—which means they’re using the same password for personal and work accounts.

This creates a single point of failure that can allow attackers to take over multiple accounts with one set of credentials. For example, a thief who steals an employee’s Facebook password may also be able to log in to their Office 365 or Slack account.

What can businesses and managers do to prevent account takeovers?

These steps are best practice under any circumstances, but now they’re more important than ever.

  • Ensure that any solution you use for work conferences has end-to-end encryption to prevent others from eavesdropping on--or interrupting--your discussion.
  • Configure collaboration app settings to be as private as possible.
  • Limit at-home employees’ access to the network to company-issued, fully updated devices that have the level of security required for your business.
  • Save discussions of sensitive information for the most secure communication channels you have.
  • Limit the number of participants in conferences to reduce access points for attackers.
  • Keep all your company’s system and app software updated and patched to avoid exploits of known vulnerabilities.
  • Watch for security alerts related to the conferencing tools and other software your company uses. When vulnerability alerts go out, criminals race to exploit them, so patch fast.
  • Encourage all employees to use strong, unique passwords for each account.

How can at-home workers avoid phishing and account takeovers?

Follow these security steps to keep cybercriminals out of your employer’s system.

  • Use company-issued devices for work instead of accessing your employer’s network through your personal devices.
  • Make sure that the software on those devices is up-to-date. If you receive an update notice, check in with your company’s IT or security staff before you proceed.
  • Don’t install any new apps on your company-issued devices without permission and instructions from your employer.
  • Use a strong, unique password for each of your accounts.
  • Update your home’s Wi-Fi and router passwords so they’re not stuck on factory settings that are easy for criminals to find online.
  • Be cautious about clicking links, opening attachments or visiting websites you’re not familiar with, no matter whose equipment you’re using.

We’ve all had to learn new personal safety and health habits because of the pandemic. Now we need to take extra cybersecurity precautions for working from home, too. Up-to-date software, smart password practices, secure conferencing settings and clear communication are the best tools we have to prevent account takeovers and the damage they can cause.

Original article at: