
The Dangerous Secrets Our Working-From-Home Photos Reveal

Cybercriminals can glean many clues from scrutinizing shots of home offices and webconferences.

As more people work from home during the Covid-19 pandemic, they are sharing photos of their online meetings and remote-working setups—and that’s putting their security at risk.

My research into oversharing online shows that people often don’t realize how much personal information they are revealing in photos—images of their houses and hobbies that provide clues about their usernames, passwords and other personal information. And hashtags like #WorkFromHome and #HomeOffice make it convenient for crooks to zero in on photos that contain those details.

While we have yet to see any documented crimes based on photos shared during the pandemic, it is clear the boom in sharing exposes people to all sorts of dangers. The crisis is the perfect background for malicious snooping—because people are stressed and anxious to make any kind of personal connection, even if it is just revealing some small part of their home life.

Let’s look at a few avenues of exposure that put people at risk.

Spotting Your Vital Stats

First, crooks can scour your photos to find personal information that you would never think of sharing, precisely because you know it can turn against you.

Consider a phishing email that claims to be from your bank. It says there is a problem with your account, and you need to log in immediately, using a provided link. To seem believable, the email would need to include your name, birth date and home address.

Now imagine that you had recently published two posts on social media. In one post, you shared a picture of your home-working setup, which displayed—in addition to your MacBook Pro and adorable cat—an Amazon package showing your name and address.

In another post, your colleagues shared a photo from a Zoom conference in which they surprised you with a birthday party. There’s a lovely cake pictured, and it also includes your age. Your friends included the hashtag #Birthday, which means a criminal could figure out your date of birth from looking at when the picture was posted.

Now go back to the phishing email. It has your name, address and birth date. And you click on it.

Criminals also can glean information about your passwords from photos shared online, photos that hashtags already make easy to find. It is well known that passwords are often based on hobbies and names of loved ones and pets. Posting photos of your home office may suggest your interests and hobbies—for instance, Harry Potter books, fishing trophies or posters of your favorite sports team. Similarly, photos that name loved ones or pets can also provide hackers with hints to passwords.

My research shows that hackers may combine these hints with databases of common, or previously breached, passwords to boost their chances of success. For example, if you have Liverpool Football Club posters around your room, criminals might deduce you are a supporter and that your password may contain “liverpool.” By analyzing a list of breached passwords, easily found online, hackers can see that most people who use “liverpool” in their password add a significant numeral after it, such as liverpool11 or liverpool10, the numbers of two popular players.
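The defensive counterpart to this guessing pattern is to screen new passwords against words the user has made public and against known-breached passwords. The following is an added example, not part of the original article; the function names, the term list and the breached set are constructed for illustration.

```python
import re

# Fold common character substitutions so "l1verp00l" compares as "liverpool".
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(text):
    """Lowercase, undo simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def screen_password(candidate, context_terms, breached=frozenset(), min_len=4):
    """Return the reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    if candidate.lower() in breached:
        reasons.append("appears in breached-password list")
    # Strip trailing digits/symbols before folding, so the "11" in
    # "liverpool11" is treated as a suffix rather than folded into letters.
    stem = re.sub(r"[\d\W_]+$", "", candidate)
    core, whole = normalize(stem), normalize(candidate)
    for term in context_terms:
        folded = normalize(term)
        if len(folded) < min_len:
            continue  # very short terms match too much by accident
        if core == folded and stem != candidate:
            reasons.append(f"context term '{term}' plus digit/symbol suffix")
        elif core == folded:
            reasons.append(f"is the context term '{term}'")
        elif folded in whole:
            reasons.append(f"contains context term '{term}'")
    return reasons


# Constructed sample data: terms a user has made public (team, pet name)
# and a tiny stand-in for a breached-password corpus.
TERMS = ["Liverpool", "Mittens", "cat"]
BREACHED = frozenset({"liverpool10", "liverpool11"})

if __name__ == "__main__":
    for pw in ["liverpool11", "L1verp00l!", "ilovemittens2020",
               "correct-horse-battery-staple"]:
        print(pw, "->", screen_password(pw, TERMS, BREACHED) or "accepted")
```

In a real deployment the breached set would be a lookup against a full breached-password corpus, and the context terms would come from the user's own profile fields.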

Business Secrets

But people don’t just expose their own secrets when they post home-office photos—they potentially expose their employers’ secrets, too.

My preliminary analysis of photos from the new wave of work-at-home postings has found that people unwittingly reveal images of sensitive internal corporate correspondence and webpages on their screens—a trove of information for criminals.

People can also inadvertently reveal more-complex information, with photos that show technical details about their machines, such as the serial number of a computer. With the right piece of information, a criminal might be able to email an employer’s IT help desk, pretend to be that employee and obtain information that will help them get access to the system or carry out other scams.

Likewise, hackers and corporate competitors might take advantage of photos that show the software companies use.

Awareness of the software means knowing what software platforms to target and what security exploits to prepare. In some cases, the organization is using an outdated version of software, such as Microsoft Windows or Office, that hasn’t been updated to guard against new vulnerabilities.

Crimes such as burglary and theft are also still a serious threat. As individuals post photos of new remote-working setups, they also are including a range of expensive devices, the layout of their homes, and the locations of the nearest windows and doors. In combination with some of the other information mentioned above, this provides burglars with exactly the insight they need to determine what homes to break into, where to find the expensive tech, and how to get in and out.

To keep safe during the pandemic, we need to protect ourselves both in person and online. Cybercriminals are on the lookout!

Updated: 6-29-2020

Researchers Say Ransomware Attacks On The Rise As More People Work From Home

Proofpoint research shows that phishing-based ransomware attacks are on the rise amid the COVID-19 pandemic.

A study published by cybersecurity firm Proofpoint shows an increase in email-based phishing attacks used to deliver ransomware over the last few months.

According to the report, first-stage deployments of ransomware are on the rise and have mostly been targeting the United States, France, Germany, Greece, and Italy.

The attacks appear to be capitalizing on the influx of people now working from home amid the COVID-19 pandemic. Research additionally indicates that the ransom demands are very low compared to the amounts usually seen in these attacks.

Lower Than Average Ransoms

A ransomware application called “Mr. Robot” has mostly targeted people and companies across the U.S. in the past. Findings suggest that this has changed in recent months, however, with home users becoming the main victims of the attack. To reflect the software’s new use case, ransom amounts have dropped as low as $100 in Bitcoin (BTC).

A ransomware known as Avaddon distributed over one million messages in a single week. It too is known to target U.S. companies and individuals.

“24/7 Support” Offered By Avaddon’s Hackers

The hackers behind Avaddon often demand $800 ransom payments in cryptocurrency such as Bitcoin. Interestingly, this particular team provides a “24/7 support” service to its victims which offers them advice on how to pay the ransom and how cryptocurrencies work.

In recent days, cybersecurity firm Symantec blocked a ransomware attack directed at 30 U.S.-based firms and Fortune 500 companies.

