Tech Talk with David Snell
3/16/2021

Hackers are using home office selfies to steal your personal data

The pandemic has been the source of plenty of memes and new internet trends, not least the remote working selfie, which involves people taking photos of their home office setup or video conferencing sessions.

However, a new blog post from security firm Sophos suggests cybercriminals are capitalizing on this new genre of selfie to steal a range of personal data that could be used to execute identity or financial fraud.

Unbeknownst to many, there are a variety of different ways that remote working selfies can expose personal information. For example, package labels in the background of photos could betray the person’s home address, while posters on the wall could reveal information about the individual’s hobbies that could be used to crack security questions.

Images of virtual birthday parties held over Zoom or Teams, meanwhile, could be used to narrow down dates of birth and collect the names of friends and family members.

Remote working security
While the desire to share remote working experiences with others is perfectly natural, given the isolation imposed upon us in the past twelve months, remote working selfies have provided yet another way for hackers to capitalize on the pandemic.

The trend has also spawned a selection of new social media hashtags – such as #WorkFromHome, #RemoteWork, and #HomeOffice – that can be used to isolate content that may contain useful nuggets of information, making the lives of criminals even easier.

Fraudsters, scammers, and other cybercriminals love when we share information about our lives, personal, or work-related, openly online.

While the sharing of home office selfies may seem harmless, the reality is that we are, once again, falling into the age-old trap of oversharing online and overlooking the risks.

And it’s not just personal information at risk; the remote working selfie is also responsible for leaking all manner of sensitive corporate data too. Analysis of images of home-working environments has revealed work email inboxes, internal emails, names of colleagues, private web pages, software installed on computers [and more].

To ensure your social media posts don’t expose any sensitive or personal data, it’s important to be mindful of what’s in the background of your photos, to use a virtual or blurred background during video calls, and to think twice before using popular remote working hashtags.