Insights: Article

COVID-19: Remote access scams on the rise

Self-isolation and social distancing have unearthed a whole new range of challenges for Australians who are trying to rapidly adjust to remote working as the new normal.  Organisational upheaval, technology disruption and new ways of working are providing a perfect environment for cyber criminals to strike.  Now more than ever, employees and businesses alike must prioritise cyber security hyper-care to protect themselves from increasing threats.  With a few extra checks and balances to defend against attackers, everyone can remain secure and protected as they focus on getting on with their job. In this insight, we’re looking at one of the most common scams on the rise – remote access scams.

Remote access scams

The Australian Cyber Security Centre (ACSC) warns of businesses falling foul of remote access scams during this time of crisis. Cyber criminals are posing as the people and organisations we trust most: government agencies, federal and state health departments, telecommunications companies, banks, and even brazenly, the ACSC itself, to gain access to systems.

The ruse is straightforward. Attackers pretend to be from the organisation’s IT, Customer Support or Service Desk team, claiming the need to perform routine maintenance or account support because of something to do with the COVID-19 crisis.

Most users are savvy enough and will not divulge usernames and/or passwords, no matter who asks. But as part of remote access scams, attackers ask permission to take over remote control of the user’s desktop to fix the issue.  As soon as they are granted access by the user, the attacker quickly changes the user’s password, locking them out, and then proceeds to steal information. They can launch attacks against the business, access their bank accounts or personal information, and generally cause all sorts of trouble. This situation could be devastating for both users and their organisations.

RELATED CONTENT: What the breach?! 4 ways to protect yourself in a data breach

What can you do to avoid remote access scams?

If you want to avoid falling victim to remote access scams, authentication is crucial. Support teams must authenticate users based on something that only the user has or knows.  This is known as multi-factor authentication. It’s also important that users can authenticate the support person on the end of the phone and check the source of an email request or SMS message prior to relinquishing control.

Users should be prepared with the contact information for support that they need as they transition to remote working. If the support team needs to place an unsolicited call to a user, the protocol should demand the user calls back on the correct number and then identifies themselves.

Once the user is authenticated by the service centre, they can agree on how the support call will proceed, and the user can either accept the remote access request or follow instructions to fix the issue.

RELATED CONTENT: What is the most secure multi-factor authentication method?

5 ways users can dodge remote access scams

Here are five key things users should always consider.

  1. Scammers will not email from the address used by the company’s support team, so always check the source address of the email.
  2. Always check URLs before clicking them – again, if it looks suspect consider it a scam.
  3. Support teams never ask for passwords. Never!
  4. Support teams rarely cold call or email, and if they do you should call them back.
  5. Always tread carefully: authenticate, authenticate, authenticate.

RELATED CONTENT: Top 4 tips to avoid falling victim to online scams

5 ways businesses can protect against remote access scams

If you’re a business introducing new remote support capabilities or assessing current arrangements, always follow these five tips.

  1. Use authentication services like Google Authenticator or Microsoft Authenticator.
  2. Users should identify themselves using a minimum of three pieces of information: their manager’s name, department, work phone number, etc. Challenges should be random and taken from a list of five to eight items.
  3. If it permits, use the telephony system to determine the caller’s location – a local call can be more trusted than an international call, for example, when the user says they are from the Perth or Melbourne office.
  4. Consider insisting on callbacks for unsolicited support calls. Users are asked to return the call to the Service Desk using an official number. The official number should be easy for users to validate, based on official communications from the Service Desk.
  5. Consider looking at self-service technology platforms for simple tasks like password resets, whereby the systems using multifactor authentication, or an out-of-band authenticator like Google or Microsoft, can verify the user’s ID.

Head to our website for more tips and advice on cyber security and online scams.

Get in touch with Kinetic IT’s expert PROTECT+ team for tailored cyber security solutions and guidance for your business.