Home office photos posted online reveal information to cybercriminals
Photos of working remotely, published m.In. Social media reveals more to cybercriminals than it seems. Photos of family, document fragments, a package from the courier, or the scarf of your favorite soccer team on staff can facilitate a cyber attack and lead to the “wiping” of bank accounts, theft of confidential data, and even crippling of business operations. How cybercriminals can take advantage of information in home office photos?
Hacker like intelligence services
Cybercriminals increasingly personalize attacks – Instead of sending malicious messages randomly to millions of users, they tailor them to a specific victim to bolster credibility (called. spear-phishing). They act like intelligence services: collect all traces of a user’s online presence, in online forums or on social media, as well as passwords from data leaks of large companies, e.g. insurance companies or online stores. Meanwhile, in the age of pandemonium and remote working to gain private and corporate data of employees is even easier.
In the background of the photo home office or videoconferencing often include family members, pets, items that indicate interests. Some decorations They suggest their date of birth or pet’s name, and labels on a “lost” package in HR can reveal your address and personal details home. Each of these pieces of information is valuable to criminals: Poles often create slogans referring to their favorite team, music artists, children’s names and birth dates, or pets (National Cybersecurity Centre study). They don’t change their also often enough in banking services (should be done at least once a year) (Cyber Security Wallet 2020 Report). This increases the chances of criminals guessing passwords based on information gathered online.
Pet photo as a “gateway” to the corporate network
Sharing photos related to work or learning remotely is also threats to company data and systems. Employees don’t always pay attention to what – other than a pet sleeping on their desk, lunch at the home office, or a child studying – is visible in the workforce. This is how they reveal sensitive information: view business boxes, e-mails, names, private websites, Confidential internal correspondence, Software installed on computers and their identification numbers, invoices or contracts with subcontractors.
– Any of these digital footprints can be used to attack a company. They make it easy for criminals to impersonate a courier working with an employer, or an employee is solicited on “behalf” of the IT department to share sensitive files or data or download malware, e.g. in the form of a fake software update. It’s only one step away from infecting the entire company network, stealing sensitive business data or paralyzing the company. The popular hashtags #WorkFromHome, #RemoteWork, #HomeOffice, #Zoom or #MSTeams used with the images make it even easier for criminals to find similar information online warns Ćukasz Formas, Engineering Team Leader at Sophos.
How to take care of data security?
Once an image is shared online, the user lose influence on who will use the information on it and how. That’s why you should always pay attention to what you see (also approximately) in the background of published photographs from work, remote learning or video conferences. If there is no way to properly arrange the space behind you during video calls, it is better to use virtual background or blur effect. It’s also worthwhile educate friends, family members and co-workers about potential threats connected with sharing photos from home office on the web.