Finance 101 Working Remotely? Be Aware of these Home Office Scams

by Rebecca Lake | September 14, 2020

Working remotely from home offers undeniable perks — such as zero commute and a more flexible schedule.

However, while every day may be casual Friday, one thing you can't take lightly is online security. 

If you're working from home temporarily or permanently, knowing how to protect yourself from cybercrime belongs at the top of your daily to-do list. You take steps to protect your personal information online, and your home office should be a priority, too.

But first, you need to understand the most important steps to take — and the biggest security risks to watch out for — when working remotely.

Working remotely can boost your fraud risk profile

You may not think twice about logging on to your computer or mobile device for work, but doing so can put you at risk for fraud in more ways than one. 

That's because it's easier to hack people than machines, says Nic White, global fraud prevention head for Citi Commercial Bank.

“Cybersecurity has improved significantly over recent years, so criminals are increasingly targeting people, tricking them into voluntarily handing over information or sending a payment to an unintended beneficiary,” White says.

For example, White says one of the most popular tactics used by fraudsters is business email compromise (BEC) scams. These rely on the use of seemingly legitimate-looking emails to defraud remote workers and small business owners. BEC scam victims unknowingly send money transfers to criminals, believing the recipients are legitimate business contacts. 

If you find you're interfacing more with business contacts who are working out of the office, be especially watchful against BEC scams, as fraudsters might use the pretense of remote work as a reason you need to suddenly send payments or funds to a new and unfamiliar account.

Quote
One of the most popular tactics used by fraudsters is business email compromise (BEC) scams.
End Quote

According to a Federal Bureau of Investigation (FBI) 2019 internet crime report, BEC scams accounted for nearly half of the cybercrime-related losses reported by businesses last year. The FBI advised in April that these scams may become more prevalent in 2020.

And that's not the only thing you need to look out for when working remotely. Other common scams targeting remote employees and business owners (which may or may not be perpetrated through a business email compromise) include:

  • Phishing scams, which involve fraudsters disguising themselves as trustworthy entities to try and gain access to information.
  • Malware attacks, which involve the use of malicious software to detect and steal information from business computers and devices. 
  • Ransomware attacks, in which a business's data files are hijacked and held for ransom with the threat of files being deleted entirely. 

Combatting cybersecurity can be overwhelming, but being informed about various scams and frauds can help you stay secure while working from home. 

Portrait of a serious woman looking at laptop

How to protect yourself when running a business from home

If you run a business from home, the responsibility of staying safe online rests solely on your shoulders. 

"While I'm sure most people are guilty of rolling their eyes at the IT department when things go wrong, it's easy to forget just how much these teams actually do," says Mark Webster, founder of digital marketing site Authority Hacker.

Webster, who has been running his business remotely for the past six years, says you have to not only secure your own data but keep your team members protected, as well. For example, that means having employees do things like:

  • Create strong passwords to access business files
  • Use secure cloud backups to store business data 
  • Secure online meetings or group chats 
  • Use encrypted passwords or multifactor authentication to log in to collaborative tools 
  • Use a secure password manager to keep track of login details 

Webster says the most important thing employees can do is to follow best practices and the security protocols that are in place, even if they seem unnecessary. For instance, updating passwords regularly or logging out of devices when not using them for work are things that are easy to brush off but they can heighten security risk. 

"By their very nature, these extra security steps should seem redundant," he says. "But that's because if you're doing them, you should never encounter an issue with leaked data."

How to protect your home office from scams

If you're working remotely for your employer, they may already have their own security protocols in place.

"There's a good possibility that your employer's IT department will take care of all the important security protections, updates and other aspects of protecting you online," says Chris Hauk, consumer privacy champion at online security education website Pixel Privacy.

But it still pays to be diligent about security yourself. Hauk says some of the best ways to do that are to:

  • Make sure your malware or firmware is always up to date
  • Use a secure virtual private network at home, as well as other remote work areas in lieu of public WiFi
  • Change the default password on your home WiFi router
  • Don't allow access to your company-issued devices, such as a mobile phone or laptop

It's also important to limit the use of workplace-issued devices to work tasks. Downloading a seemingly harmless app to your work phone, for example, could potentially expose you to fraud if the app includes malicious tracking software.

Woman working from home on laptop

Finally, if you ever receive an email asking for a payment to a new bank account, call the sender on a known phone number — don’t simply reference their email signature — to reconfirm the request. It’s also important to trust your instincts, White says; don’t be afraid to get a second opinion from a coworker if something ever feels off.

Uh-oh: My home office is under cyber-attack!

As a remote employee or business owner, you may feel you're doing all the right things to protect yourself online — but it's important to stay vigilant at all times. 

“Don't assume that just because you have installed security software, you are immune to online attacks," Hauk says. "Many online attacks are the result of human error."

If your home office security is targeted by fraudsters, it's important to know what to do next to minimize potential damage. When you're working from home for your employer, that means reaching out to your company's IT department to let them know what happened.

If you're running a business, you can file a complaint with the Federal Trade Commission and report fraudulent activity to your state's attorney general's office. If you have sent money to someone you didn’t intend to, it’s important that you let your bank know as quickly as possible, so it can attempt to recover the funds.

Quote
Many online attacks are the result of human error.
End Quote

Lastly, consider what you can do to better identify, avert and prevent future fraud attacks. "Creating a profile about how people normally engage with you can give you some guidelines for gauging activity," White suggests. "Once you understand normal, it helps you better identify abnormal behavior."

Knowing what's typical — and what isn't — can help you spot and prevent fraud before it happens.

4 Ways to guard against fraudulent emails

1. Verify sender's email address: Fraudsters might fake the displayed name and try to disguise the domain (e.g., "citii.com").

2. Read carefully: Grammar errors and urgent requests that break protocol are red flags.

3. Scrutinize links: Hover over a hyperlink to see the URL it goes to. Use caution with unexpected attachments, too.

4. Check with sender: Contact them via a verified phone number to confirm they sent the email.

Illustration of mobile phone screen
Small Business Technology Managing Money
Rebecca Lake

is a freelance journalist who's worked from home full-time since 2014. She routinely covers online security challenges for small businesses and consumers.

The content reflects the view of the author of the article and does not necessarily reflect the views of Citi or its employees, and we do not guarantee the accuracy or completeness of the information presented in the article.