
Although telework is generally beneficial, removing the face-to-face aspect from business-critical tasks has left some organizations vulnerable to work-from-home (WFH) scams. What are the latest schemes targeting remote workers, and what can employers do to help?
Safeguarding Employee and Company Data Is Vital
Telework has made job scams prevalent. Tens of thousands of complaints are pouring in, and every age group is affected. Most are financially impacted. The Better Business Bureau’s Employment Scams Report revealed the median loss was $1,000 in 2020. The median for older adults was more than double that amount.
Companies should care because their reputations, finances and retention rates are on the line. What happens when a bad actor poses as them on job search websites? In addition to reducing their reply rate, it generates negative press. Search engines return forums and articles about applicants falling for phishing schemes.
Moreover, scammers can use employees’ driver’s licenses and banking details to steal their identities and assets, potentially strengthening future cyberattacks against their employers. For example, they can use a stolen bank account to make a funds transfer request look legitimate. Their activity would fly under the radar, giving them more time to cause damage.
4 Common Scams Targeting the Remote Workforce
While WFH scams come in many forms, bad actors follow several specific blueprints.
1. The “Pay to Get Paid” Scam
At face value, paying an employer to get paid sounds ludicrous. However, this scam can be incredibly convincing because it uses sophisticated social engineering techniques. Employees buy software, send a deposit, or pay bogus fees in exchange for higher returns or better WFH equipment, not realizing everything is fake.
2. The Remote Access Scam
Some information technology (IT) departments use remote access software to troubleshoot technical issues without being physically present, so workers might not think twice when they receive an email asking them to hand over control. Once the scammer is inside, they can install malware, spy on communications or exfiltrate proprietary data.
3. The Classic WFH Job Scam
A listing that sounds too good to be true likely is. Federal Trade Commission data shows task scams — work involving completing simple online assignments — increased dramatically in recent years. They reached 20,000 halfway through 2024, up from zero in 2020, accounting for 40% of all job scam reports.
Scammers use the promise of high-paying or easy work to lull applicants into a false sense of security. They aim to steal personal and financial data for their own gain. Organizations employing contractors and freelancers (those who work multiple jobs) are at greater risk of being indirectly affected.
4. The Fake Check Scam
In this scheme, the fraudster sends a bad check, promising to pay for a new laptop, work phone or standing desk. Before long, they claim they sent too much and request some back. Since the check initially looks legitimate, the recipient obliges. When the check inevitably bounces, they lose those funds.
Strategies for Defending Against These WFH Scams
Organizations should develop actionable strategies to protect their workforce and themselves from WFH scams. Awareness campaigns are essential because human error — typically carelessness or negligence — is the leading cause of cybersecurity incidents. It caused 98% of breaches in 2023. Regular training sessions can help mitigate this issue.
Policy changes can fill in any existing gaps. Decision-makers should make business-critical processes foolproof. For example, they could mandate that direct deposit change approval happens in person. Alternatively, they could require payroll to confirm all requests through a second point of contact to verify legitimacy.
Requiring workers to jump through more hoops to accomplish certain tasks may cause friction, but it protects sensitive company data. This is especially true in the age of artificial intelligence, when the entry barriers for scamming and cybercrime are at an all-time low.
The IT team should deploy endpoint protection and authentication measures to minimize vulnerabilities. For instance, they can mandate device-level encryption or biometric logins. A zero-trust architecture is ideal for telecommuters because it lets the IT team verify whether a work device is in the right hands.
Keeping the Organization and Its Sensitive Data Safe
Business leaders should consider adopting new policies, like requiring the IT team to provide quarterly awareness training. Such changes can help the organization minimize risk. The less likely employees are to fall for a scam, the safer company data and devices are.