Fake Work From Home Opportunities Are Phishing For Data
It's no secret that the pandemic changed the way much of the world works. Tens of millions of people are now working from home with millions more eyeing that as a very real possibility.
Unfortunately, the pandemic also changed what kinds of opportunities hackers and scammers are targeting. It shouldn't come as a great shock that they've begun targeting work from home opportunities.
Here's how a typical campaign plays out, according to researchers at Proofpoint:
On average, more than 4000 phishing emails a day are being sent to recipients worldwide. The bulk of recipients are in the United States, but people in Europe and Australia are being targeted too.
In more than 95 percent of cases, attackers are targeting email addresses that are linked to colleges and universities. So as a first necessary step, the attackers are either hacking into university databases to get the email addresses or they're leveraging someone else's prior breach and buying the data on the Dark Web.
In any case, the specific lure varies from one campaign to the next but it's always some variation of "we're hiring X number of remote workers to do this!" They then include a few details about the job with an attachment or an embedded link to follow for more information.
Naturally, if you open the file or follow the link you'll ultimately be presented with capture boxes designed to collect your login information or other personal details. If you give the hackers/scammers any information, you can bet that it will be used against you. According to FBI statistics, the average loss for a victim of employment fraud is about $3,000.
It may not be life ruining bad, but it still stings. In any case, these kinds of attacks are on the rise in our post-pandemic world. Be aware and make sure that your friends and family know too.