Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against teleworking scams.
The COVID-19 pandemic has led to a spike in businesses using teleworking to communicate and share information over the internet. Knowing this, malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities. If you or your employees are working remotely, consider the risks associated with doing so. Also, make sure you are applying cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping.
Here are some of the ways cyber actors may exploit telework applications:
Software from Untrusted Sources
Malicious cyber actors may use legitimate-looking telework software—which may be offered for free or at a reduced price—to gain access to sensitive data or eavesdrop on conversations.
Fraudsters may also use phishing links or malicious mobile applications that appear to come from legitimate telework software vendors.
Communication Tools
Bad actors may target communication tools – such as voice over Internet Protocol (VoIP) phones, video conferencing equipment, and cloud-based communications systems – to overload services to take them offline or to eavesdrop on conference calls.
Cyber actors have hijacked video-teleconferencing sessions to disrupt meetings by inserting pornographic images, hate images, or threatening language.
Remote Desktop Access
Some telework software allows for remote desktop sharing, which makes collaboration and presentations easier. However, malicious cyber actors are known historically to have compromised remote desktop applications to gain access into other shared applications.
Supply Chain
As organizations seek to obtain equipment, such as laptops, to enable teleworking, some have turned to laptop rentals from foreign sources. If you aren’t careful, these previously-used devices may carry pre-installed malware.
As always, if you have been victimized by a cyber fraud, you can report it to the FBI’s Internet Crime Complaint Center at? www.IC3.gov.
(0) comments
Welcome to the discussion.
Log In
1. Be Civil. No bullying, name calling, or insults.
2. Keep it Clean and Be Nice. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
3. Don't Threaten. Threats of harming another person will not be tolerated.
4. Be Truthful. Don't knowingly lie about anyone or anything.
5. Be Proactive. Let us know of abusive posts. Multiple reports will take a comment offline.
6. Stay On Topic. Any comment that is not related to the original post will be deleted.
7. Abuse of these rules will result in the thread being disabled, comments denied, and/or user blocked.
8. PLEASE TURN OFF YOUR CAPS LOCK.