The holiday season is upon us, and for many people, that means travel and hopefully, some time off from the office. The last thing you want to worry about is whether or not a cybercriminal is targeting you and your company while you are away.
But travel is common cover for phishing attacks. Here’s a few tips to help keep safe while you’re away—and if you’ve covering someone else’s work while they’re traveling.
If you are traveling….
1. Don’t post about your travel plans on social media.
A common form of phishing is impersonating a real person at a company and sending an email to their employees asking for money or sensitive files. One of the most common times for this to happen is when a high-level official is traveling. The phishing emails, which look like they’re coming from the CEO or something else, usually say something like I lost my wallet while traveling and need you to wire me money.
So, how do cybercriminals know when you’re out? They will usually watch social media accounts, and do this when someone actually is traveling, so it’s more convincing. Around popular travel times, it’s best to not publicly post that you are away and give them the opportunity.
Outside of the holiday season, cybercriminals will also target people out of the office for conferences. An easy way to see who is attending those is to follow event related hashtags on social media! Our own employees have been targeted by this before.
If you do decide to post about your travel plans before or during your trip, make sure your employees know how to handle any urgent requests that come in.
2. Don’t include specific names in your Out of Office message.
Out of office messages are one of the ways cybercriminals can find out who, specifically, they should target when you are out of office. Most people will leave information about a specific person who is covering their work, along with their contact information.
If possible, put generic information instead—like, “contact firstname.lastname@example.org” rather than “contact head of accounting, Angela Martin.”
We understand that isn’t possible for some. If you need to put a specific person, have a conversation with them beforehand about handling any “urgent” requests from you. Do not make any real urgent requests of them via email.
3. Don’t use public wi-fi while traveling.
Most public wi-fi networks are not secure—many if someone has even a little bit of computer skill, they can see any data you send over it if they’re connected to the same network. It’s also pretty easy for a cybercriminal to set up a temporary wi-fi network that look legitimate.
Avoid using public or otherwise unfamiliar wi-fi networks—this goes for whether you’re traveling or just at the coffee shop near your office!
If you are covering for someone who is traveling….
1. Be suspicious of potential phishing emails, especially if they are from a VIP.
Cybercriminals often use travel as cover for phishing emails. These usually come as urgent requests that look like they are from the person traveling. If you get one of these, don’t wire the money without having a voice confirmation to confirm it’s real.
Have a conversation with whoever you are covering before they leave about what to do in the event of urgent requests.
Basically, it boils down to this: have a plan in place before you leave about emergency requests. Don’t handle emergency requests—especially when they involve money or sensitive files—via email. And make sure everyone in your company knows what to expect
It’s a lot easier for someone covering your work to know what’s real and what’s a scam when you’ve had the conversation ahead of time.