Skip to main content

Remote Workers are Being Targeted by Cyber Criminals who are Impersonating Google

Cyber-Criminals Photo by Nahel Abdul Hadi on Unsplash

By Arthur Moses Opio

In unprecedented times like this, we encourage you to remain firm and resilient but also purpose to grow on all fronts. One of the areas of growth is in our knowledge of ICTs and Cyber Security. There continues to be an increase in Phishing Scams and Form-based Cyber-Attacks while working from home.

During this COVID19 period, working from home has been the new normal, and Hackers have surely exploited this opportunity because they very well know that someone who works from home, could be having few defenses. But one of our greatest defenses is continuous cybersecurity awareness.

Phishing Attacks On The Rise Due To Work From Home

According to Info Security, There has been a substantial rise in phishing attacks recently as a result of the increase in people working from home during the COVID19 pandemic, with security systems and practices difficult to maintain for many businesses in these circumstances.

Increase in Form-Based Attacks

A Study done by Barracuda Networks found that Google file sharing and storage websites were used in 65% of nearly 100,000 form based attacks that were detected in this COVID 19 pandemic period.

Remote workers have been targeted by up to 65,000 Google-branded cyber-attacks during the first four months of 2020.

According to Steve Peake, UK Systems Engineer Manager, Barracuda Networks, he said that “Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber-criminals are taking the opportunity to flood people’s inboxes with these scams.

The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users.”

According to the RiskBased Security 2019 Year-End Report, there were 7098 breaches reported with over 15.1 billion records exposed in 2019. This is now clear evidence that 2019 was one of the worst years on the record for breached data, this number of records exposed grew by 284% compared to 2018. The report identifies emails and passwords as the most compromised data.

According to Karen Bowen Password Security Expert, Specops Software, “Issues with compromised passwords have been brought to the forefront during the COVID-19 pandemic. Earlier this year, news broke that 500,000 of Zoom’s usernames and passwords were exposed on the Dark Web.

Cybercriminals used compromised credentials from past breaches in a credential stuffing attack against Zoom. The successful logins were then compiled into lists to be sold online. What is worrying is that these passwords are being reused for other systems and could be used to infiltrate more data, causing a domino effect.”

To check if your email (Gmail, Hotmail, Yahoo mail, Mak mail) has been breached, use the link below https://haveibeenpwned.com/.

4 Key Things to do

  1. If you find it has been breached using https://haveibeenpwned.com, please change your password
  2. Do not subscribe to newsletters anyhow without knowing their privacy policy
  3. Do not reply to Phishing/SPAM emails because a reply lets the Scammer know that the email is legitimate and active and also the organization’s signature which might include phone numbers and other information is copied.
  4. Always be Vigilant, anything that looks suspicious, please do not hesitate to report.

© 2022 All rights reserved - Directorate for ICT Support (DICTS) - Makerere University

Available Office Time: 8:00am - 5:00pm (Monday - Friday)

Service Desk - https://support.mak.ac.ug

Email: helpme@dicts.mak.ac.ug
Phone: 0414 531343/437
Hours: 9:00am - 5:00pm