In this episode of Ask the Expert, Greg discusses how remote workers can avoid common phishing and social engineering scams. 800 CHAB radio presents Ask the Expert with Greg Marcyniuk of Heritage Insurance, located in Moose Jaw.
Here's a full transcript of the episode.
Rob Carnie: With Greg Marcyniuk, Heritage Insurance in downtown Moose Jaw today. Greg, many have been doing it since March. In fact, a number of people are still working from home. Set up on their computers remotely and able to work from home and, while it's for their safety and while it's convenient, it can also be dangerous. And we've had instances locally where local people have found themselves in some hot water.
Greg Marcyniuk: That's correct, Rob, and social engineering scams and remote workers. It's just unfortunate but these cybercriminals view remote workers as ripe for exploitation due to the fact that many of these individuals are relatively inexperienced with remote working, and usually the home networks are generally way less secure than that of the workplace.
So, what they're doing is accessing information, physical places, systems, data, property, or money by using psychological methods rather than technical methods or brute force. So, social engineering scams rely on exploiting that weakness and blind spots. Typically, the normal ones that are going and happening is phishing and that's when a cybercriminal attempts to obtain valuable information by, you know, tricking people into visiting a fake website or clicking a link that installs malware.
And it's usually done by email, and just not email alone, you're also getting text messages. I know we're seeing a lot more text messages and typically they will target specific individuals, but it's often as well a mass untargeted attack. Another thing is baiting, and that's either they're offering an award, a monetary prize or a discount for taking action such as clicking to a link. Or another thing that has actually been happening for a physical attack is they're actually leaving USB or flashcards out there, or drives, listed confidential, and out in the public, and they're hoping someone will plug into it.
So, if you ever find one, never, ever plug that in there because it could install malware or other malicious software. Another one is quid pro quo, it's just seemingly a legitimate exchange where a targeted person believes they're receiving a good deal. For example, a malicious party may identify themselves as an IT consultant and they're offering a technical service in exchange for login details, so another big scam.
The other thing is pretexting, and that is when someone impersonates a known coworker and authority figure in an attempt to gain access to secure information. So, what can an employee, or what can a person do when they are remotely working? You can train and the employer can train the employees to watch out for messages with odd text formatting.
Reinforce security and, again, stress the importance of never giving out logon or valuable company information to anybody who's unidentified whatsoever. And again, employees should never click or visit webpages that they are unfamiliar with, that's another huge risk there. Another one that I always talk about is updating your software.
Again, encourage teamwork as far as, you know, contacting your IT people if you feel that you've had any sort of breach whatsoever. And most important is to review your cyber insurance policy to make sure that you have the proper insurance in place because some of the policies do not cover your remote workers out there, so it's important that you review that wording if you do have anybody working remotely because you're there for a huge exposure.
Rob: You just offered a whole bunch of tips on how we can avoid getting scammed. We can review them on your website.
Greg: That's correct. NoHassleInsurance.ca or come on down to the corner of First and Fairford West and talk to any of our fine people.
Rob: Thanks very much for this, Greg.
Greg: You're more than welcome, Rob.
(Video transcription via https://www.speechpad.com)