Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against teleworking scams.
The COVID-19 pandemic has led to a spike in businesses using teleworking to communicate and share information over the internet. Knowing this, malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities. If you or your employees are working remotely, consider the risks associated with doing so. Also, make sure you are applying cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping.
Here are some of the ways cyber actors may exploit telework applications:
Software from Untrusted Sources
- Malicious cyber actors may use legitimate-looking telework software—which may be offered for free or at a reduced price—to gain access to sensitive data or eavesdrop on conversations.
- Fraudsters may also use phishing links or malicious mobile applications that appear to come from legitimate telework software vendors.
- Bad actors may target communication tools – such as voice over Internet Protocol (VoIP) phones, video conferencing equipment, and cloud-based communications systems – to overload services to take them offline or to eavesdrop on conference calls.
- Cyber actors have hijacked video-teleconferencing sessions to disrupt meetings by inserting pornographic images, hate images, or threatening language.
Remote Desktop Access
- Some telework software allows for remote desktop sharing, which makes collaboration and presentations easier. However, malicious cyber actors are known historically to have compromised remote desktop applications to gain access into other shared applications.
- As organizations seek to obtain equipment, such as laptops, to enable teleworking, some have turned to laptop rentals from foreign sources. If you aren’t careful, these previously-used devices may carry pre-installed malware.
As always, if you have been victimized by a cyber fraud, you can report it to the FBI’s Internet Crime Complaint Center at? www.IC3.gov.