Finance 101 Working Remotely? Be Aware of these Home Office Scams

by Rebecca Lake | September 14, 2020

Working remotely from home offers undeniable perks — such as zero commute and a more flexible schedule.

However, while every day may be casual Friday, one thing to not take lightly is cybersecurity. 

If you're working from home temporarily or permanently, knowing how to protect yourself from cybercrime belongs at the top of your daily to-do list, along with knowing how to protect your personal information online and your home office. 

In order to protect your personal information and home office when working remotely, it is important to understand some of the biggest cybersecurity risks to watch out for.

Working remotely can boost your fraud risk profile 

Working remotely can boost your fraud risk profile as scammers can appear to be legitimate business contacts. You may not think twice about logging on to your personal computer or mobile device for work, but doing so can put you at risk for fraud in more ways than one. 

That's because it's easier to hack people than machines, says Nic White, global fraud prevention head for Citi Commercial Bank. “Cybersecurity has improved significantly over recent years, so criminals are increasingly targeting people, tricking them into voluntarily handing over information or sending a payment to an unintended beneficiary,” White says.

According to a Federal Bureau of Investigation (FBI) 2021 internet crime report, BEC scams, along with ransomware and the criminal use of cryptocurrency, were identified as the top incidents reported in 2021. BEC schemes alone resulted in an adjusted loss of nearly $2.4 billion for businesses. 

If you find you're interfacing more with business contacts who are working out of the office, be especially watchful against BEC scams, as fraudsters might use the pretense of remote work as a reason you need to suddenly send payments or funds to a new and unfamiliar account.

For example, White says one of the most popular tactics used by fraudsters is business email compromise (BEC) scams. These rely on the use of seemingly legitimate-looking emails to defraud remote workers and small business owners. BEC scam victims are deceived into sending money transfers to criminals, believing the recipients are legitimate business contacts. 

According to a Federal Bureau of Investigation (FBI) 2019 internet crime report, BEC scams accounted for nearly half of the cybercrime-related losses reported by businesses last year. The FBI advised in April that these scams may become more prevalent in 2020.

Quote
One of the most popular tactics used by fraudsters is business email compromise (BEC) scams.
End Quote

And that's not the only thing you need to look out for when working remotely. Other common scams include targeting remote employees and business owners (which may or may not be perpetrated through a business email compromise) include:

  • Charity fraud: Can be prevalent in times of crisis — such as political unrest or a natural disaster — during which fraudulent charitable organizations reach out asking for donations.
  • Bank impersonation: Fraudsters disguise themselves as trustworthy entities at a financial institutions to try and gain access to information.
  • Downloading remote access software:  You receive a call, email or text from what is believed to a reputable company and are asked to download a remote access app.
  • A surprise name in your account: A new banking or credit card account opened in your name with an exorbitant service fee added on top.
  • Mobile phone takeover:  Cyber-criminals switch a phone number from one wireless provider to another, so your phone is no longer receiving two factor authentication calls or texts.
Portrait of a serious woman looking at laptop

How to help protect yourself when running a business from home

If you run a business from home, the responsibility of staying safe online rests solely on your shoulders. 

"While I'm sure most people are guilty of rolling their eyes at the IT department when things go wrong, it's easy to forget just how much these teams actually do," says Mark Webster, founder of digital marketing site Authority Hacker.

Webster, who has been running his business remotely for the past six years, says you have to not only secure your own data but keep your team members protected, as well. For example, that means having employees do things like:

  • Create strong passwords to access business files
  • Use secure cloud backups to store business data 
  • Secure online meetings or group chats 
  • Use encrypted passwords or multifactor authentication to log in to collaborative tools 
  • Use a secure password manager to keep track of login details 

Webster says the most important thing employees can do is to follow best practices and the security protocols that are in place, even if they seem unnecessary. For instance, updating passwords regularly or logging out of devices when not using them for work are things that are easy to brush off but they can heighten security risk. 

How to protect your home office from scams

If you're working remotely for your employer, they may already have their own security protocols in place.

"There's a good possibility that your employer's IT department will take care of all the important security protections, updates and other aspects of protecting you online," says Chris Hauk, consumer privacy champion at online security education website Pixel Privacy.

But it still pays to be diligent about security yourself. Hauk says some of the best ways to do that are to:

  • Make sure your malware or firmware is always up to date
  • Use a secure virtual private network at home, as well as other remote work areas in lieu of public WiFi
  • Change the default password on your home WiFi router
  • Don't allow access to your company-issued devices, such as a mobile phone or laptop

It's also important to limit the use of workplace-issued devices to work tasks. Downloading a seemingly harmless app to your work phone, for example, could potentially expose you to fraud if the app includes malicious tracking software.

By their very nature, these extra security steps may seem redundant. But that's because if you're doing them, you are reducing your risk for cyber security fraud.

Woman working from home on laptop

Finally, if you ever receive an email asking for a payment to a new bank account, call the sender on a known phone number — don’t simply reference their email signature — to reconfirm the request. It’s also important to trust your instincts, White says; don’t be afraid to get a second opinion from a coworker if something ever feels off.

Uh-oh: My home office is under cyber-attack!

As a remote employee or business owner, you may feel you're doing all the right things to protect yourself online — but it's important to stay vigilant at all times. 

“Don't assume that just because you have installed security software, you are immune to online attacks," Hauk says. "Many online attacks are the result of human error."

If your home office security is targeted by fraudsters, it's important to know what to do next to minimize potential damage. When you're working from home for your employer, that means reaching out to your company's IT department to let them know what happened.

If you're running a business, you can file a complaint with the Federal Trade Commission and report fraudulent activity to your state's attorney general's office. If you have sent money to someone you didn’t intend to, it’s important that you let your bank know as quickly as possible, so it can attempt to recover the funds.

Quote
Many online attacks are the result of human error.
End Quote

Lastly, consider what you can do to better identify, avert and prevent future fraud attacks. "Creating a profile about how people normally engage with you can give you some guidelines for gauging activity," White suggests. "Once you understand normal, it helps you better identify abnormal behavior."

Knowing what's typical — and what isn't — can help you spot and prevent fraud before it happens.

4 Ways to guard against fraudulent emails

1. Verify sender's email address: Fraudsters might fake the displayed name and try to disguise the domain (e.g., "citii.com").

2. Read carefully: Grammar errors and urgent requests that break protocol are red flags.

3. Scrutinize links: Hover over a hyperlink to see the URL it goes to. Use caution with unexpected attachments, too.

4. Check with sender: Contact them via a verified phone number to confirm they sent the email.

Illustration of mobile phone screen
Small Business Technology Managing Money
Rebecca Lake

is a freelance journalist who's worked from home full-time since 2014. She routinely covers online security challenges for small businesses and consumers.

The content reflects the view of the author of the article and does not necessarily reflect the views of Citi or its employees, and we do not guarantee the accuracy or completeness of the information presented in the article.