Companies are continuing to make arrangements for employees to work from home, and others are fast tracking HR policies to meet the requirements of shelter-in-place orders by state officials. These actions are making it an even higher risk for people being targeted by scammers, especially through phishing emails or through an unsecured network connection.
Employees transitioning from an office setting to a home office may find themselves more vulnerable to tech support scams. With either limited IT resources or strained IT resources, employees may attempt to solve technical issues themselves when confronted with pop-ups and virus alerts. I recently just read about a victim losing nearly $250 to a tech support scam. The report stated a pop-up window appeared when the user’s computer froze. The instructions on the pop-up window said to contact a company claiming to be affiliated with Apple. After following the directions, the consumer paid for what they thought would fix the problem and never heard from the tech support company again. Although this seems silly, under the stressful conditions and the fear of losing your job, employees are doing whatever it takes to keep operating as normal as possible, which may include them trying to fix a problem on their own to avoid, “getting in trouble.”
Another concern for employees transitioning to a work-from-home environment is Business Email Compromise (BEC) scams. BEC scammers impersonate emails that appear to come directly from the boss. These fraudulent emails are often used to request large payments to “vendors” via wire transfer. While this is a common scheme, scammers may change their approach and use current events as a way to convince the recipient to take action. Compromised business emails may be used to request payments for things such as reimbursements, bogus invoice payments, or office equipment. You may have seen that this type of scam became a media sensation recently when Barbara Corcoran of Shark Tank was hit with a $400K loss. She was one of the lucky ones, recovering almost all of her $400K loss.
Advertised work from home opportunities aren’t always what they seem, especially for people who have recently been furloughed or laid off. Employment scams are ranked the top riskiest scam in both the 2018 and 2019 Scam Tracker Risk Report. A common red flag to make note is the opportunity to work from home and what seems like a high hourly wage with minimal effort. However, as more employers practice social distancing and require employees to work from home, differentiating between legitimate and fraudulent job opportunities will become more difficult.
While working from home and watching to see how the situation surrounding the COVID-19 outbreak develops, here are some tips from MCDA to avoid falling victim to scams:
- Be aware of unusual procedures. Job offers without interviews are a red flag of employment scams, as well as employers that overpay and ask to wire back the difference. Take note of companies that promise opportunities or high income if you pay them for training.
- Check official job postings. Scammers will often use emails, social media or online job boards to reach targets. They are also known to use actual company names, addresses and human resource contacts found on the internet. If a job posting seems too good to be true, go directly to the company website and check their career page directly. If a website is charging you for information about a job opening, it is probably a scam.
- Set up work-from-home IT policies. When setting up remote employees, establish a plan to help them with technical problems they may face. Instruct them on who they should contact, and who to avoid, for tech support. A plan can protect employees, the business and your customers from having their personal and professional information compromised.
- Maintain office billing policies at home. One of the best ways to combat business email compromise scams is to set a policy requiring employees to confirm payment requests in person or over the phone, rather than over email. If the employees that handle billing are working from home, have them maintain these policies by calling to confirm any payment requests made by email.
- Review safety practices with employees. As employees are working remotely, remind them of the best practices to avoid scams. Practices such as avoiding clicking on pop-ups or links in unsolicited emails are encourage and if they aren’t sure of the origin of an email, have them contact a colleague or supervisor by phone. Make sure they know tech support professionals would never call them unless they had requested assistance first.
If you need assistance setting up a remote work policy please contact MCDA today for a free consultation. (714) 872-2393 or you can email directly to Mike@mcdaccginc.com