Quick Links
I’ve worked remotely for almost a decade, and I’m yet to fall prey to a phishing scam—and I intend to keep it that way. Sure, phishing scams are more sophisticated than ever, but you can still keep yourself (and your work) safe by exercising some due diligence.
1Stay Informed About the Latest Phishing Scams
Knowledge truly is power when it comes to safeguarding your business from cybercriminals. If you know what you’re looking for, a quick glance at an email or a shady SMS is enough to ring your internal alarm bells.
Classic email scams where someone is pretending to be your bank to snag your data are relatively easy to spot. I’m willing to bet you’ve been targeted plenty of times at random through one of the many shotgun methods.
But as a remote worker, you’ll also have to become a master at recognizing spear phishing. This one’s a lot more tricky as it often includes information specific to you or your company. In other words, hackers did their research and can thus appear more convincing.
What Is an AI Voice Clone Family Scam? How to Spot It
AI voice cloning is incredibly easy, and it can be used to manipulate your loved ones.
Along with spear phishing, you may also run into clone phishing, where you’ll receive copies of legitimate communications with an added spice of dangerous attachments or links.
Unfortunately, AI has made everything much scarier, including voice phishing (vishing). In the past, a scammer would call you and pretend to be legitimate. Now, they can actually clone the voice (and likeness through deepfake videos) of someone in your organization.
You should be familiar with all these techniques, as it can ensure that you’ll think twice before you click on a link in a seemingly safe email from your coworker.
2Learn How to Identify Phishing
Learninghow to spot phishingis relatively straightforward. The first thing you should look at is the sender’s email address. In most cases, you’ll notice that while it closely resembles that of an official organization (or a team member), some of the letters may be swapped out for a similar symbol, or one of the letters may be omitted altogether.
AI Video Call Scams Are on the Rise, and This Is How They Work
AI is wonderful, but it comes with downsides. Thankfully, there are a few ways you can spot AI video call scams.
For me, the biggest giveaway of phishing is usually the language that gives off an aura of urgency. Cybercriminals are trying to capitalize on people who may not have the experience to recognize scams and, as such, invent scenarios that require you to act quickly without thinking.
In the olden days, phishing emails were usually riddled with bad grammar and typos galore. Nowadays, cybercriminals often use AI language models to craft more polished text that is good enough to fool most unassuming individuals. The key words here are “good enough.”
You canrecognize AI-fueled phishing attacksby its unnatural flow of sentences. It’s also common for the text in the email to be too formal or too perfect and lack any sort of human touch, which is a landmark of most work-related communications.
Here’s an example of an email I crafted using Google’s Gemini:
It looks okay on the surface but falls apart after a close inspection. If you ever receive a similar email, contact the person who supposedly sent it directly to clear up any confusion instead of taking any risks.
With voice cloning and deepfakes, it’s a bit trickier. The good news is that most cybercriminals are looking to make a quick buck, so cloning your manager’s voice and likeness may require too much effort. As a result, most of us will never have to deal with this type of phishing. Still, while chances are slim they’re never zero, so you should definitely get the basics down.
For example, voice cloning sounds convincing, but at the moment, it’s still possible to notice digital artifacts that make the speaker sound robotic. The cadence of the speech and tiny inflections of the voice will be off despite the timbre being spot on.
A similar thing applies todetecting deepfakes, where you can notice imperfections like jerky movements or glitchy lip-syncing. Either way, you know your coworkers enough to be familiar with their patterns, so anything that seems out of the ordinary should be a major red flag for you.
3Think Before Clicking
Call me paranoid, but any time I receive a link in an email (even from a familiar address), I always check it by hovering my cursor over it. You should do the same—but what should you look for?
For starters, check the domain name (aka. the first part of the link). Similar to how scammers attempt to make email addresses seem legitimate, they do the same spiel with domain names in the links they send you. Look for misspellings, hyphens, and missing or extra letters.
The point of phishing is to steal your credentials or to get you to download malware, so the link will attempt to mimic a legitimate service.
Similarly, you should be wary of any attachments. This includes executable (.exe) files and compressed files (.zip, .rar) that cybercriminals love because it’s easy to hide malware, as well as Microsoft Office documents that now allow hackers to set up scripts and macros that function similarly to .exe files.
4Pay Extra Attention to Public Wi-Fi
The best thing about being a remote worker is you can take your work anywhere. Though this is amazing for your mental health, it can be dangerous on the cybersecurity front, primarily due to Wi-Fi phishing or Wi-Fi spoofing.
In this scenario (often referred to as aman-in-the-middle attack), hackers create a twin network of an actual Wi-Fi hotspot in a public space. After that, they only need to wait for their victim to establish a connection to see everything they do online, including any login credentials.
There are plenty of things you should get in order if you plan onworking from coffee shopsand other public places like libraries, primarily in terms of cybersecurity. To avoid falling victim to Wi-Fi spoofing, it’s best to avoid public Wi-Fi altogether, especially if you’re handling sensitive company data. For instance, I always bring a mobile hotspot or use tethering to minimize risk and avoid traffic congestion.
If you are absolutely adamant about using a public network, you should first install a VPN to be on the safe side.
5Use Software to Mitigate Phishing Attempts
Why go at it solo when there’s always software that can lend you a hand? For example, apremium version of Malwarebytescan significantly enhance your online security and protect you not only from malware but also from phishing.
With real-time scanning, Malwarebytes analyzes incoming emails and automatically blocks them if it recognizes anything phishy (pun intended). It also analyses the links in emails to check if they’re safe, along with scrutinizing the content of the messages themselves. Malwarebytes can also verify if the email senders are authentic by cross-referencing their details with information that’s available. As such, it’s also a powerhouse againstemail spoofing.
While this is more of an optional step, it does add another layer of defense against the increasing number of phishing scams and also cuts down on your “phish-busting” workload.
By practicing caution on the job and picking apart links and attachments in emails, you’ll avoid becoming prey to a phishing scam. Granted, AI being added to the mix doesn’t help, but the same rules still apply - stay vigilant, don’t fall for high-pressure tactics, question everything, and AI won’t have anything on you!
