Those who work-from-home no longer have the advantage of a corporate network’s security perimeter, and can thus be more vulnerable to malicious actors on the Internet, according to internet security firm Kaspersky. Among the ways to minimize falling prey to such cyberattacks are being knowledgeable about cyberthreats and beefing up one’s security software.
While devices have built-in anti-virus software, these aren’t capable of detecting threats such as malicious URLs (Uniform Resource Locators or web addresses), said Bric Adam Tenorio, pre-sales manager for the Philippines at Kaspersky, a security technology company. A malicious URL is either a website created by threat actors, or a legitimate website which has been compromised with malicious content.
“I encourage everyone, especially those who work-from-home using their own devices, to invest in security software, to give them peace of mind [when accessing work files],” said Mr. Tenorio.
Rosemarie Gonzales-Roy, Kaspersky’s corporate communication manager for Southeast Asia, added: “We have to be smart about our online habits. If you can avoid it, don’t use your work devices for personal use. … Turn off your camera and microphone when you’re not using them. Also, even if your employers don’t say so, use a VPN.”
A virtual private network (VPN), a service that provides online privacy and anonymity by creating a private network from a public internet connection.
The panelists also warned against social engineering, which involves deceiving users to act unknowingly against their best interests. The most popular type is phishing, which is when individuals are contacted by e-mail or phone by someone posing as a legitimate institution to lure these individuals into providing sensitive data such as credit card details or passwords.
Telltale signs to look out for are company logos that resemble official ones, domains that are different from the supposed senders (e.g., a Bank of America e-mail with firstname.lastname@example.org as the return address), and non-personalized salutations (i.e., Dear Sir/Madam).
“The operative word is deceiving,” Mr. Tenorio said.
Mr. Tenorio listed questions that can help individuals spot a social engineering attack:
- Are my emotions heightened? Am I being frightened to take action? Am I being encouraged to update my personal data because of my account was supposedly compromised?
- Did the message come from a legitimate sender? Does the website I’m on have odd details? Does the offer sound too good to be true? Did my friend actually send this message to me?
- Is the attachment or link suspicious? Does the URL start with “http” instead of the secure “https”?
- Can this person prove their identity?
Because working from home can also mean working from anywhere, individuals should be wary of threats such as man-in-the-middle attacks (MITM). MITM happens when a cybercriminal gains access to an unsecure Wi-Fi router — such as in public wi-fi connections in cafes and malls — and uses this as a way to deploy tools to read a victim’s transmitted data. These tools can also be inserted between a victim’s computer and the website the victim visits to capture personal information such as log-in credentials.
When logging in at websites, Mr. Tenorio advised utilizing one-time passwords (or OTPs) for an added layer of authentication.
“OTP is one of my favorite security inventions,” Mr. Tenorio said. “Please don’t provide your OTP, even if [the ones asking for it] say they’re customer support.” — Patricia B. Mirasol
SIDEBAR | How to avoid credit card fraud
With pandemic-related restrictions boosting e-commerce, cardholders run the risk of sharing sensitive information if they aren’t careful when online shopping. There was a 30% increase in fraud cases last year compared to the previous year, according to the Credit Card Association of the Philippines (CCAP), which acts as a mediator for the credit card industry, merchant establishments, and consumers.
Bangko Sentral ng Pilipinas (BSP) also reported in a briefing last month that out of 20,000 consumer concerns received in 2020, 13% were related to fraudulent, unauthorized transactions involving deposits, online services, remittances, and, of course, credit cards.
Because there are so many different types of credit card fraud that online consumers need to watch out for, CCAP outlined the common forms of each and how to defend against them.
Phishing and vishing
These scams come in the form of e-mails, fake job sites and browser toolbars, banner ads, and text or chat messages. Vishing is a subcategory within phishing that involves phone calls from scammers pretending to be bank representatives. The play here is to lure victims into giving sensitive data by offering fake promos or assistance to help with their account that has been hacked.
What to do: Don’t click any links and examine the e-mail or message first. When in doubt, contact the bank to verify if the message is valid or to ask if a caller claiming to be a bank representative is legitimate. The best thing to do is ignore them and keep all sensitive information to yourself while nothing is verified.
Lost or stolen cards
Whether it’s because a wallet went missing or a card was mysteriously misplaced, anyone with access to credit cards could make unauthorized transactions.
What to do: Report the lost or stolen card to the bank immediately so they can block the account. To prevent future losses, cardholders should refrain from placing the wallet in areas visible to many people. Cards could also be placed in a separate pouch, so that losing a wallet wouldn’t mean losing all cash, cards, and IDs.
Card replacement scam
Scammers may call people claiming that their credit card is due for replacement or even an upgrade. Instead of doing what they promised, they can use the card for their own purchases and never give it back.
What to do: Be careful with calls or messages that claim to be about your credit card or bank account. Banks usually ask cardholders to go to a branch to get a replacement card and let you do whatever you want with the old card.
The word comes from the device that fraudsters install on an automated teller machine (ATM), as it can skim a card’s magnetic stripe that contains the cardholder’s information. Even the credit card terminal at a cashier where one shops can be tampered to skim cards.
What to do: While banks have upgraded their cards’ microchips to EuroPay, MasterCard, and Visa (EMV) technology that makes it harder for skimming devices to get information, cardholders should remain vigilant by staying alert when transactions are being made, checking ATMs for devices, and shaking scanners before inserting the card.
It’s risky to conduct a credit card transaction while using a free, public internet connection as it’s difficult to determine if these have been hacked by fraudsters, CCAP said in a press release.
Though banks now have mobile apps where cardholders can track transactions, lock cards when not in use, or receive notifications on the latest scamming trends, constant contact with the bank is still important since banks can reach out for any suspicious or unusual account activities. — B. H. Lacsamana