Responding to the rising wave of social engineering attacks against remote workers

By now, it’s clear the pandemic has provided perfect conditions for many types of social engineering attacks. We’ve seen plenty of reports and warnings from the FBI, CISAInterpol, and other reputable organizations about the growth in coronavirus-related attacks, from spear-phishing to vishing, ransomware, and more, as the world adapts to remote working and its associated risks. 

In many ways, social distancing and remote work have created more fertile conditions for hackers, but the types of social engineering attacks we’re seeing today aren’t too different from what we’ve seen in the past. So, why are we still seeing major breaches making news headlines on a regular basis? 

If history has taught us one thing it’s that hackers will always capitalize on the human element. Uncertainty, fear, distraction, isolation, and confusion can all contribute to increased vulnerabilities among users. And as we continue to face a rapidly shifting global news agenda, we can’t possibly anticipate the next twist in the pandemic or major news event that opportunistic hackers will exploit. Look at the rise in phishing attacks related to COVID stimulus and relief for example. 

We expect to see continued social distancing and increased virtual interactions long after the pandemic subsides, which means that enterprises must rely on strong authentication to protect against the rising wave of social engineering attacks. As we lose confidence in the security of systems and information with an increasingly decentralized work environment, it’s critical to re-establish trust with your users. Here’s how:

Employee education and training is not enough.

Educating employees to be on the look-out for COVID-related scams, while essential, is not a comprehensive response. No matter how much user education about phishing or social engineering takes place, some attacks will still succeed. As long as user action is required, and there is a reliance on users to identify phishing and man-in-the-middle attacks, vulnerabilities will continue to be an issue. 

It’s time to overhaul your 2FA strategy.

Organizations cannot afford to continually rely on passwords, recovery questions, or basic two-factor authentication (2FA) to protect against future social engineering attacks. These are methods proven time and time again to fall short in the face of mobile malwareSIM swapping, and phishing attacks. Hackers are getting more savvy, and we must as well. 

User experience is critical to your organization’s safety.

In a world where we are physically remote from coworkers or IT, and juggling home and work life, strong authentication must work at scale on a variety of devices, across business-critical applications, and within different environments. The better the user experience, the easier it is to deploy across and to secure the enterprise — unlike complex point solutions that only protect a niche set of users.

So, yes, the rise in COVID-related attacks is a real and present danger. But we can’t assume this is a temporary threat or unique to COVID. It is simply the latest version of an ongoing rise in social engineering attacks that demands a stronger response. Every day we are helping businesses large and small adapt to their new normal. Are you ready for yours?

Accelerate your digital transformation with hardware-backed strong authentication for your leading cloud-based services. Google CloudMicrosoft Entra ID, and many other day-to-day business applications offer built-in and seamless integration with the YubiKey.

Talk to our teamTalk to our team

Share this article:


  • Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeysIn just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]Read moreNISTPCI DSSPCI DSS 4.0
  • Building cyber resilience with Yubico and MicrosoftIn today’s digital landscape, cyber threats are evolving at an unprecedented pace: every second, a phishing attack takes place. In fact, over 80% of these attacks are the result of stolen login credentials and almost 70% of phishing attacks relied on AI last year alone. Recent data from Microsoft Entra also reveals a staggering increase […]Read moreMFA mandatesMicrosoft
  • Yubico’s commitment to innovation: Phishing-resistance as a cornerstone for cyber resilienceAs phishing attacks have reached an unprecedented level of frequency and sophistication, enterprises must prioritize authentication that is phishing-resistant – regardless of the business scenario, platform or device users are working with. This is why Yubico prioritizes consistent product innovations that deliver on our customer’s needs for modern, phishing-resistant authentication solutions that enable businesses to […]Read more
  • CEO Corner: Wrapping up a strong year, and looking ahead to 2025 and beyondIt’s no secret that 2024 was a big year of growth for Yubico, highlighted across many notable achievements by our team and increasing demand from our customers. As discussed in my previous post, following a transformative year driven by key cybersecurity trends like passkeys and AI, the year culminated in the significant step of Yubico […]Read moreCEOEarningsMattias Danielsson