How the Abrupt Shift to Remote Work Could Start a Wave of Account Takeover Fraud


Lockdowns and stay-at-home orders around the world have forced businesses to rapidly move to remote work arrangements for safety. Now we’re seeing a wave of attacks by cybercriminals breaking into video conferences, hijacking employees’ devices and phishing for login credentials.

All of these attacks can disrupt business operations, but the account takeover attempts may be the most troubling. A phishing email that leads to the takeover of even one account can fuel data breaches, espionage, identity theft, ransom attacks, and e-commerce and financial fraud.

Verizon’s 2019 Data Breach Investigations Report found that 32% of all reported breaches involved phishing and 29% involved stolen credentials. The collaboration apps many companies use now, and the sheer number of employees suddenly working from home, give organized criminals a variety of ways to steal credentials and data.

Companies quickly adopted apps—and security issues

The sudden move to remote work led to a boom in the use of popular collaboration apps like Zoom, Microsoft Teams, Google Meet and Slack. That boom has been followed by a surge in reported security issues.

For example, a security researcher found that Zoom’s Windows client had a vulnerability that allowed attackers to swipe users’ Windows credentials and launch programs on their computers. Zoom has fixed the flaw, but it’s not the only issue out there.

A subdomain vulnerability in Microsoft Teams would have allowed someone with company access to scrape data from one Teams user account and leverage it to take over all an organization’s Teams accounts. How? By posting a malicious GIF in Teams. The bug is fixed, but criminals will keep targeting these apps as long as they can find ways to break in. And that’s not the only approach they’re using.

At-home workers are vulnerable to phishing scams

At-home employees present an almost ideal phishing target. They’re working in an unfamiliar way. They don’t have their on-site support team to ask questions. They’re learning new remote-working tools very quickly. And they’re doing it all in the midst of a pandemic—many with children, pets, and adult family members or housemates competing for their attention while they work.

It’s not surprising that scammers are going after them with work-related phishing attempts. Scams related to remote conferencing tools seem especially popular. Attackers have been sending fake Zoom notifications that tell recipients they missed a meeting—a surefire way to rattle the victims’ nerves and get them to enter their Microsoft credentials on a fake login site before they think too much about it. A similar scheme targeted thousands of Microsoft Teams users to try to steal their 365 login credentials. And those are just two examples from the first two weeks in May.

And while it’s up to software vendors to identify and fix vulnerabilities in their products, businesses and at-home workers have a role to play in fighting ATO, too. It’s up to businesses to ensure that the settings on the apps they use are configured properly to keep random people out. Businesses also need to stay on top of security news about the apps they’re using.

Besides vulnerable communication channels and networks, a big factor in the rise of ATO is that most of us make it too easy. A 2019 Google/Harris Poll online security survey found that 52% of respondents use the same password for some of their accounts. Thirteen percent use the same password for every account they have—which means they’re using the same password for personal and work accounts.

            Rafael Laurenco 

This creates a single point of failure that can allow attackers to take over multiple accounts with one set of credentials. For example, a thief who steals an employee’s Facebook password may also be able to log in to their Office 365 or Slack account.

What can businesses and managers do to prevent account takeovers?

These steps are best practice under any circumstances, but now they’re more important than ever.

  • Ensure that any solution you use for work conferences has end-to-end encryption to prevent others from eavesdropping on--or interrupting--your discussion.
  • Configure collaboration app settings to be as private as possible.
  • Limit at-home employees’ access to the network to company-issued, fully updated devices that have the level of security required for your business.
  • Save discussions of sensitive information for the most secure communication channels you have.
  • Limit the number of participants in conferences to reduce access points for attackers.
  • Keep all your company’s system and app software updated and patched to avoid exploits of known vulnerabilities.
  • Watch for security alerts related to the conferencing tools and other software your company uses. When vulnerability alerts go out, criminals race to exploit them, so patch fast.
  • Encourage all employees to use strong, unique passwords for each account.

How can at-home workers avoid phishing and account takeovers?

Follow these security steps to keep cybercriminals out of your employer’s system.

  • Use company-issued devices for work instead of accessing your employer’s network through your personal devices.
  • Make sure that the software on those devices is up-to-date. If you receive an update notice, check in with your company’s IT or security staff before you proceed.
  • Don’t install any new apps on your company-issued devices without permission and instructions from your employer.
  • Use a strong, unique password for each of your accounts.
  • Update your home’s Wi-Fi and router passwords so they’re not stuck on factory settings that are easy for criminals to find online.
  • Be cautious about clicking links, opening attachments or visiting websites you’re not familiar with, no matter whose equipment you’re using.

We’ve all had to learn new personal safety and health habits because of the pandemic. Now we need to take extra cybersecurity precautions for working from home, too. Up-to-date software, smart password practices, secure conferencing settings and clear communication are the best tools we have to prevent account takeovers and the damage they can cause.

About the Author: Rafael Lourenco is Executive Vice President and Partner at?ClearSale, a card-not-present fraud prevention operation that helps retailers increase sales and eliminate chargebacks before they happen. The company’s proprietary technology and in-house staff of seasoned analysts provide an end-to-end outsourced fraud detection solution for online retailers to achieve industry-high approval rates while virtually eliminating false positives. Follow on Twitter at?@ClearSaleUS?or?visit?

Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Related Articles

Shabodi Accelerates Adoption of Network-Aware Applications with CAMARA API Enterprise Reference Implementation

By: Special Guest    2/16/2024

Shabodi, an Application Enablement Platform (AEP) provider unleashing advanced network capabilities in LTE, 5G, 6G, and Wi-Fi 6, announced they have l…

Read More

How Much Does Endpoint Protection Cost? Comparing 3 Popular Solutions

By: Contributing Writer    2/2/2024

Endpoint protection, also known as endpoint security, is a cybersecurity approach focused on defending computers, mobile devices, servers, and other e…

Read More

What Is Databricks? Simplifying Your Data Transformation

By: Contributing Writer    2/2/2024

Databricks is an innovative data analytics platform designed to simplify the process of building big data and artificial intelligence (AI) solutions. …

Read More

What Is Blue/Green deployment?

By: Contributing Writer    1/17/2024

Blue/green deployment is a software release management strategy that aims to reduce downtime and risk by running two identical production environments…

Read More

The Threat of Lateral Movement and 5 Ways to Prevent It

By: Contributing Writer    1/17/2024

Lateral movement is a term used in cybersecurity to describe the techniques that cyber attackers use to progressively move through a network in search…

Read More