Criminals and hackers are always coming up with new ideas to launch cyber-attacks through seemingly ordinary emails and messages sent to employees from the internal address of the company, asking the target to join a new mailing list for example, but in reality, it is a digital trap set by hackers, who want to hack into the network of the target company or organization.
Experts call this type of cyber-attacks “phishing”, ie password phishing.
Andy Voss of the German “Computer Build” magazine explained that “the objective of these cyber-attacks is to lure the user to fake websites via SMS or fake emails.”
Furthermore, even professional or experienced users cannot immediately recognize phishing attacks, which are now increasingly targeting employees who work from home.
“Phishing attacks are increasingly targeting employees working from home because they are more vulnerable, and while corporate managers exercise strict control over work computers in companies, employees who work from home lack this rigor,” said Ronald Eckenberg in the German C’t computer technology magazine.
Therefore, a company’s risk of being targeted by phishing attacks increases when an employee relies on his or her home computer to perform work tasks, given that Hackers can hack into the employee’s home computer more easily, due to reliance on digital communications alone, without personal contact, thus the employee is more likely to open fake emails, which appear to be sent from the company’s president or manager.
“If a user’s home computer is infected with a “Trojan” virus (malicious software that infects the computer by appearing harmless or reliable), this virus can then transport itself to the company’s network via a VPN connection, which in some cases can completely cripple the entire company because of one wrong click on a link,” Ronald Eckenberg warned.
The German Association for Communications and Information Technology (Bitcom) has warned against the use of private computers at home to do company work.
“When working from home, it is better to only use the company’s devices, while restricting access, allowing only the system admin to install software, and making sure that the necessary security updates are installed,” Simran Mann, an IT security expert in the German Association, explained.
Furthermore, a user cannot immediately realize that his home computer has been infected with the Trojan virus and Eckenberg explained that hackers design Trojan viruses remain undetected for as long as possible.
Eckenberg added that “Web pages automatic redirection and noticing a sudden increase in the load on the operating system or a program that the user has not installed, are among the indicators of exposure to phishing attacks, in addition, the user might notice that his antivirus software started running”.
Eckenberg continued saying that work should be limited to updated programs and with the anti-virus software active, confirming that the “Defender” anti-virus built into the Microsoft Windows 10 and 11 operating systems is sufficient in most cases.
Furthermore, e-mail is considered the main gateway to electronic attacks, and Simran Man says that cyber-attacks launched via USB flash drives, which automatically install malicious software on the company’s computers require a lot more effort.
“In the past, cyber-attacks were easily identified through the poor language of fake emails, however, that is no longer the case, and the current emails look very professional, including the signature of the alleged sender,” Eckenberg explained.
Hackers always try to access computers via phones, which is called “voice phishing”, and traditionally hackers pretend to be Microsoft support staff and try to convince the user to install remote control software on the computers, giving them complete control of the computers and access to all the data.
How to deal with an email hacking attempt?
According to Andy Voss, when dealing with such attacks, end the connection immediately, since Microsoft or other trusted companies do not make any calls or send emails asking to disclose any personal data or information, so common sense is one of the best ways to respond to electronic attacks.
“When the user learns about hacker scams, he can easily identify such attacks, but in any case, one should never open attachments to emails sent by unknown people out of curiosity,” Andy Voss added.
If you suspect a message, you should call the sender before opening the suspicious attachments or following ambiguous instructions.
This is not limited to employees, companies can do a lot to counteract cyber-attacks and further secure the corporate network
“IT security should be the top priority, even if it costs a lot of money,” Simran Mann added.
References: DPA
