The way people work has changed enormously in recent years, with more and more employers embracing the power, and the cost savings, that come with building a remote workforce. Those businesses know that their workers increasingly value a better balance between the demands of their jobs and the needs of their loved ones.
Those firms also know that by offering more flexible working conditions they can reduce costly turnover, attract more talented candidates for open positions and build the kind of loyalty that will help them succeed in the long run. But this shift toward remote work has not gone unnoticed by the bad guys, and hackers are using a new, and uniquely insidious, method for gaining access into corporate networks.
This new entryway into corporate networks and their infrastructure is enough to terrify the most staid IT staff and the most technologically illiterate CEO. The reason this black hat hacking technique is so dangerous is the way it works, bypassing the usual safeguards that many businesses have put in place.
By now most telecommuters, even brand new ones, know to be on the lookout for suspicious emails and potentially infected links. They have been told what to do, and armed with their employee manuals they follow those instructions to the letter.
Posing as New IT Staff
In this dangerous new twist on spearphishing, hackers pose as IT staff, often passing themselves off as new hires. And since all those new telecommuters obviously need support, employees may not question the presence of a new IT tech in their midst.
In order to pull off their nefarious schemes, the hackers scour professional social media sites like LinkedIn, grabbing lists of employees most likely to be working remotely. They then reach out to these brand new telecommuters, and the spearphishing scheme is now underway.
Complete with LinkedIn Profiles and More
While the hackers are on social media, they set up their own LinkedIn profiles, complete with fake work histories and a phony network of cohorts. Even if the targeted employees are initially wary, their suspicions will likely be laid to rest by those professional looking profiles.
The amount of hard work and research that goes into this new spearphishing scam is truly mind boggling, but the payoff can be huge for a successful hacker. The prize in this case is nothing less than total access to the corporate network, and once inside, hackers can steal passwords, grab proprietary information and private files and otherwise wreak havoc with the targeted company.
Fake VPNs, Real Network Infiltration
Once the supposed IT person has gained the trust of the employees they are targeting, the next phase of the spearphishing operation gets underway. Now that the initial introductions have been made, the phony IT person sends information for the installation and use of an equally phony VPN.
The virtual private network, or VPN, is the key to safe remote work, but an infected communication tunnel can hand the keys to the corporate kingdom to a hacker. By getting a jump start on the real IT staff, the perpetrator of the scheme gains access to the targeted network. By the time the real IT staff catches on, it could already be too late.
Assign an IT Point Person from the Start
This emerging threat to remote workers and the companies that hire them should be enough to give everyone, from the CEO in the corner office to the telecommuters in their home offices, pause. The sophistication of the scheme is simply mind boggling, making older spearphishing attempts look like child's play.
There is no doubt that this new tactic is dangerous, but there are steps businesses can take to protect themselves. One of the most effective defenses against a fake IT technician is to assign a real one well in advance. By letting new telecommuters know exactly who they will be working with, how they will be contacted and what time frame will be followed, employers can stop this latest attack in its tracks.
Working from home can be a win-win situation for employers and workers alike. Businesses can enjoy enormous cost savings on everything from office space to pens and pencils, while employees can ditch the stressful commute for the freedom and flexibility of at-home work. With the right safeguards in place, the remote work revolution is sustainable and safe, but businesses need to educate themselves about emerging threats and how to defend against them.