Hackers are using home office selfies to steal your personal data

Remote working selfies
(Image credit: Shutterstock / Roman Samborskyi)

The pandemic has been the source of plenty of memes and new internet trends, not least the remote working selfie, which involves people taking photos of their home office setup or video conferencing sessions.

However, a new blog post from security firm Sophos suggests cybercriminals are capitalizing on this new genre of selfie to steal a range of personal data that could be used to execute identity or financial fraud.

Unbeknownst to many, there are a variety of different ways that remote working selfies can expose personal information. For example, package labels in the background of photos could betray the person’s home address, while posters on the wall could reveal information about the individual’s hobbies that could be used to crack security questions.

Images of virtual birthday parties held over Zoom or Teams, meanwhile, could be used to narrow down dates of birth and collect the names of friends and family members.

According to Dr. Jason Nurse, Associate Professor of Cybersecurity at the University of Kent, who authored the blog post, “the variety of information that may be exposed in such contexts is endless”.

Remote working security

While the desire to share remote working experiences with others is perfectly natural, given the isolation imposed upon us in the past twelve months, remote working selfies have provided yet another way for hackers to capitalize on the pandemic.

The trend has also spawned a selection of new social media hashtags - such as #WorkFromHome, #RemoteWork and #HomeOffice - that can be used to isolate content that may contain useful nuggets of information, making the lives of criminals even easier.

“Fraudsters, scammers and other cybercriminals love when we share information about our lives, personal, or work-related, openly online,” wrote Nurse.

“While the sharing of [home office selfies] may seem harmless and even a must-do at the time, the reality is that we are, once again, falling into the age-old trap of oversharing online and overlooking the risks.”

And it’s not just personal information at risk; the remote working selfie is also responsible for leaking all manner of sensitive corporate data too.

“Analysis of images of home-working environments has revealed work email inboxes, internal emails, names of colleagues, private web pages, software installed on computers [and more],” Nurse added.

To ensure your social media posts don’t expose any sensitive or personal data, Nurse claims it’s important to be mindful of what’s in the background of your photos, to use a virtual or blurred background during video calls and to think twice before using popular remote working hashtags.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.