Using video calls and virtual meetings to connect with colleagues, friends, family, and industry peers has inspired a new trend of posting online photos of home offices and remote work settings. Hashtags like #WorkingFromHome are inspiring oversharing online, and it’s important to remember the risks before posting.

Personalized scams like spear-phishing are a lucrative form of attack for many criminals because personal information improves their chance of success. Using your real name, birthday, or other highly specific information makes their jobs of targeting us substantially easier, while the ongoing pandemic – a situation where people are overly anxious, stressed, away from support groups, and balancing work and family life in the same physical space – increases our vulnerability to these attacks.

Personal details are often gathered from your online presence and old data breaches. Now we are also leaking personal information through home-office photos and visuals – even that seemingly-harmless background shown during video calls.

Leaking Data

Family members (in person or photo form) often feature in the background of video calls, along with your hobbies, favorite sports teams and television shows, and other personal details.

A quick online search of photos tagged with trends like #WorkFromHome, #WorkingFromHome, #HomeOffice reveal:

  • Birthday parties (celebrated on Zoom or Teams), exposing birthdates
  • Home addresses, through photos revealing addresses on Amazon parcels or postal mail
  • Names of family members, children and pets

From research we know that passwords are often created based on favorite teams, music artists, hobbies, and children and pet names. In this context, innocuous information from your zoom background could easily be used in password guessing attacks.

Posted images of home-working environments also reveal work email inboxes, internal emails, names of individuals in emails, private web pages, potentially sensitive internal business correspondence, software installed on computers, and internal identification numbers of devices. In many cases this information was in the background of video calls or photos of pets near/on keyboards, in the background of children being home-schooled, or the background of a nice homemade lunch. Any of these digital clues could be used in a cyberattack.

Tips

  • Always be mindful of what is visible in the background of your photos and video calls
  • Use a virtual background
  • Blur the background
  • Be cautious when sharing photos of your #WorkFromHome setup

Let’s talk about making your enterprise more secure (248)357-3980