Home office selfies leave you vulnerable to attack

Beware of cybercriminals targeting remote workers

Home office selfies leave you vulnerable to attack

Sharing a screenshot of your team in a Zoom video call, or a selfie of your pets in your home office, may seem funny and harmless, but the details on display could (literally) give cybercriminals a snapshot of your life. These bits and pieces about your professional and personal activity could be pieced together and used to steal your identity and hack into your accounts, experts warn.

“The reality is that we are, once again, falling into the age-old trap of oversharing online and overlooking the risks,” said Dr. Jason Nurse in a recent analysis for security firm Sophos. “Fraudsters, scammers and other cybercriminals love when we share information openly online about our lives, personal or work-related.”

Information gleaned from work-from-home photos and videos can include birthdates, from celebrations shared online; home addresses taken from labels on parcels or documents left lying around; and the names of household members or pets. Other items displayed in the background can also provide clues about a person’s hobbies, interests or social groups.

Read more: Securing the remote workforce – 5 new cyber threats

“From research, we know, for instance, that passwords are often created based on favourite teams, music artists, hobbies, and children and pet names. Therefore, this information could easily be used in password-guessing attacks,” Dr. Nurse said.

Selfie blunders don’t just expose personal data, either. Some snapshots also leave corporate data on display. “Analysis of images of home-working environments has revealed work email inboxes, internal emails, names of individuals in emails, private web pages, potentially sensitive internal business correspondence, software installed on computers, and internal identification numbers of devices,” he said.

These insights make cybercriminals’ attempts to target WFH staff “substantially easier” especially when “the ongoing pandemic – a situation where people are overly anxious, stressed, away from support groups, and balancing work and family life in the same physical space – increases our vulnerability to these attacks,” Dr. Nurse said. He provided the following tips to stay safe online:

  • Be mindful of what is on display in your home
  • If you can, use a virtual or blurred background during calls
  • Think twice about what you post on social media using the hashtags #WorkFromHome, #WorkingFromHome, #RemoteWork or #HomeOffice

Read more: Cybersecurity in the age of COVID-19

Boris Cipot, senior security engineer at Synopsys, raised the same concerns about WFH employees. “With the growth of social networking platforms, and the trend of home office selfies, users must be mindful of the potentially compromising information they are posting publicly,” he shared with HRD.

“Refrain from taking photos of your computer desktop, applications, or the desk if personal and/or professional papers may be within view. These can be used by would-be attackers directly against you. Attackers may be able to guess your passwords based on items around your home office.”

Apart from cybersecurity threats, selfies at home can also be used by other criminals to survey their targets. “Even if you’re not sharing anything that could lead to sensitive information sharing, you may not even realise you’re displaying expensive items that could be attractive to would-be home intruders,” Cipot said.