Remote work is not unsafe by default. The risk rises when a message asks you to act quickly outside your normal work routine: click this file, approve this login, join this Wi-Fi, install this tool, change this bank account, send this invoice payment, or keep this request quiet.
This page is for the pause before that action. It is for employees, freelancers, contractors, hybrid workers, digital nomads, and anyone using work email, Slack, Teams, Google Workspace, Microsoft 365, payroll systems, cloud files, VPNs, or work devices away from a traditional office.
The remote work rule: verify unusual work requests outside the message
If a work message asks for a payment, payroll change, password reset, shared-file review, vendor change, gift card, wire transfer, direct deposit update, remote-access session, or urgent approval, do not prove it is real from inside that same message.
Use a channel you already trust. Call a coworker or client at a known number. Check the official work system. Use the company directory. Ask in a separate Slack or Teams channel that you already know is real. Open the payroll, invoice, cloud file, or ticketing system yourself instead of following the link in the request.
If the message asks for
A wire, invoice payment, new vendor, gift card, or refund
Verify through
The official finance process, a known phone number, or a separate verified thread
Do not rely on
A reply in the same email, a phone number in the message, or a copied executive name
If the message asks for
Payroll, direct deposit, tax, or bank-account changes
Verify through
The payroll portal, HR system, or a known payroll contact reached separately
Do not rely on
A PDF, form, or bank letter sent only by email or chat
If the message asks for
A login approval, one-time code, password reset, or MFA prompt
Verify through
The official account page and the sign-in you personally started
Do not rely on
A message saying the code is needed for IT, payroll, security, or verification
If the message asks for
Remote access, screen sharing, software install, or a device scan
Verify through
Your real help desk, company device policy, or client-approved support process
Do not rely on
A pop-up, search ad, random caller, or urgent chat from someone claiming to be IT
| If the message asks for | Verify through | Do not rely on |
|---|---|---|
| A wire, invoice payment, new vendor, gift card, or refund | The official finance process, a known phone number, or a separate verified thread | A reply in the same email, a phone number in the message, or a copied executive name |
| Payroll, direct deposit, tax, or bank-account changes | The payroll portal, HR system, or a known payroll contact reached separately | A PDF, form, or bank letter sent only by email or chat |
| A login approval, one-time code, password reset, or MFA prompt | The official account page and the sign-in you personally started | A message saying the code is needed for IT, payroll, security, or verification |
| Remote access, screen sharing, software install, or a device scan | Your real help desk, company device policy, or client-approved support process | A pop-up, search ad, random caller, or urgent chat from someone claiming to be IT |
A short delay is normal when a request can move money, credentials, files, payroll, or device control.
Work email, Teams, Slack, and shared-file phishing
Remote work moves a lot of trust into messages. A scam can start in email, Microsoft Teams, Slack, Google Chat, a shared Google Drive file, a Dropbox link, a DocuSign-style notice, a fake voicemail, a scanner message, a calendar invite, or a QR code that appears in a work thread.
The message may not look broken. It may use a real coworker's name, a client logo, a familiar project, a recent meeting, or a thread that feels routine. Treat the action it asks for as more important than how polished it looks.
- Before entering a Microsoft, Google, Slack, Dropbox, payroll, or VPN password, check that the address is the real domain and that you started from the official app or site.
- Be careful with urgent requests to review a shared file, approve access, listen to a voicemail, scan a QR code, open an invoice, or re-enter your password.
- Do not share one-time codes, backup codes, recovery links, or login approval numbers with anyone in chat, email, text, or a call.
- Do not approve a login prompt you did not start. A real coworker or help desk should not need you to approve their sign-in.
- If a Teams or Slack message comes from outside your organization, a new sender, or a channel you do not normally use, slow down before accepting, clicking, or sharing files.
If the request is just a suspicious link or fake login page, the deeper response belongs on ScamClarity's phishing page. This page is focused on the habit to use before the click.
Public Wi-Fi and working away from home
Hotels, cafes, airports, libraries, coworking spaces, rentals, conference centers, and shared apartment networks are useful. They are also places where you may rush, accept a network name without checking it, or handle sensitive work while tired or distracted.
Check the real network name with the venue before joining. Avoid lookalike network names. Be cautious with captive portals that ask for work credentials, card numbers, device passwords, one-time codes, app installs, certificates, profiles, browser extensions, or a special security update.
If you need to handle payroll, payment changes, admin panels, client records, tax documents, confidential files, or password resets, use your employer's required VPN or access method. If the network or portal feels off, switch to cellular data or wait for a trusted connection when you can.
For a fuller public-network checklist, use ScamClarity's public Wi-Fi safety page. Here, the remote-work rule is narrower: do not let a shared network or Wi-Fi prompt become the place where you enter work credentials, install software, or change payment details.
Fake IT support and remote access
A fake IT request can sound helpful: your laptop is exposed, your VPN needs an urgent update, your Microsoft account is locked, your payroll access failed, your device is infected, or your client needs a quick support session before a deadline.
Do not install AnyDesk, TeamViewer, Quick Assist, ScreenConnect, Remote Desktop tools, browser extensions, VPN profiles, configuration profiles, certificates, or unknown security software from a message, pop-up, search result, or unexpected call. Do not share your screen with someone who contacted you out of the blue.
Real IT teams can still ask for support sessions. The difference is the verification. Start from the real help desk, ticketing system, company directory, or device-management instructions you already know. If the request came through a client, vendor, or coworker, confirm it through a separate known channel first.
Payroll, direct deposit, invoices, and payment changes
Remote work creates more email-only moments around money. A scammer may impersonate a boss, client, vendor, employee, contractor, payroll contact, or finance team member and ask for a fast change before the next pay cycle, invoice deadline, shipment, closing, refund, or event.
Do not change payroll, direct deposit, vendor banking, invoice routing, wire instructions, rent payments, gift card purchases, reimbursement requests, or payment-app transfers from an email or chat alone. Confirm through the official system and a known person, especially when the request says the sender is in a meeting, traveling, locked out, switching banks, or unavailable by phone.
Business email compromise often works because the request looks like ordinary work. A vendor can seem to send a new bank account. A CEO can seem to ask for gift cards. A client can seem to approve an invoice. A contractor can seem to ask for payment off the normal system. The safer habit is a written approval process plus a separate confirmation before money moves.
If the issue has already become an invoice or payment request you may have acted on, use the more specific fake invoice scam page after saving the message and payment details.
Freelancers and contractors have different pressure points
Freelancers and contractors may not have a help desk, finance department, or company directory to fall back on. That makes the contract, platform, payment method, and client verification more important before work begins.
- Be careful when a new client wants to move off a freelancing platform before the job, payment terms, and identity are clear.
- Do not accept an overpayment and send part of it back to a third party. If a real client pays the wrong amount, they can cancel and reissue the payment through a safer channel.
- Do not buy software, equipment, gift cards, crypto, checks, shipping labels, or supplies from a vendor chosen by the client unless the arrangement is normal for your field and verified outside the message.
- Use platform escrow, written scopes, invoices, and known payment channels where possible. Be cautious when a client wants unusual payment routing, personal payment apps, or a refund before the original payment is settled.
- If a client sends a file, link, shared folder, contract, or DocuSign-style envelope you did not expect, open it from the official service or verified client thread rather than from a rushed message.
Account and file safety before the request arrives
Good remote-work safety is easier when your accounts are set up to resist a rushed mistake. Use unique passwords for work, personal email, cloud storage, banking, payment apps, payroll, and client platforms. A password manager can help because it usually will not fill a saved password on the wrong domain.
Use stronger sign-in protection where available, especially for email, cloud files, payroll, finance tools, VPN, client portals, and payment accounts. If your employer or client requires a specific authenticator, security key, passkey, or device-management setup, follow that process instead of improvising around it.
Review connected apps, browser extensions, shared-folder permissions, third-party integrations, and active sessions from the official account pages. Limit cloud folders to the people who need access. When a project ends, remove old client, contractor, or vendor access instead of leaving files open indefinitely.
Travel and coworking setup
A safer travel setup is simple: know how to reach real IT, know your backup internet option, keep devices locked, and avoid leaving work devices unattended in cafes, conference rooms, ride shares, lobbies, coworking tables, or rentals.
Use your screen lock whenever you step away. Consider a privacy screen if you regularly work with payroll, client records, legal documents, health records, student records, unreleased business information, or financial data in public. Keep chargers, cables, and accessories from trusted sources, and do not install anything just because a charging station, Wi-Fi page, or stranger says it is required.
Before a trip or long coworking session, save the official IT or client-support contact, know how to report a lost device, and know how to lock or sign out of work accounts if your laptop or phone disappears.
What not to do
These are the remote-work moments where a pause protects accounts, files, money, payroll, and devices.
Do not approve login prompts you did not start.
If the prompt appears while you are not signing in, deny it and check the official account activity page.
Do not share one-time codes or recovery links.
No coworker, client, payroll contact, or IT person should need your code in a chat, email, text, or call.
Do not change payroll or payment details from an email alone.
Use the official system and confirm through a known person or verified process.
Do not pay invoices, wires, refunds, or gift cards without separate verification.
Pressure, secrecy, travel, meetings, and new bank details are reasons to slow down.
Do not install remote-access software from a message or pop-up.
Start from the real help desk, ticket, or approved support process.
Do not use unknown Wi-Fi for sensitive changes when avoidable.
Switch to cellular or wait when the task involves credentials, payroll, finance, admin access, or confidential files.
Do not click shared-file links if the message feels off.
Open the official cloud service yourself or confirm with the sender through a separate channel.
Do not move business payments to personal apps without verification.
A client, vendor, boss, or contractor changing payment channels is a separate-check request.
Do not delete suspicious work messages before saving evidence.
Save enough detail for IT, payroll, a client, bank, platform, or reporting agency to understand what happened.
What to save if something feels wrong
If a work message, file, login, payment, Wi-Fi page, or remote-access request seems suspicious, keep practical records before they disappear.
Message details
Save the sender address, display name, reply-to address, phone number, chat handle, message link, and email headers if you can access them.
Screenshots
Capture Teams, Slack, email, text, shared-file, invoice, payroll, login, QR code, and Wi-Fi screens that show the request.
Links and files
Save the visible URL, shared file link, attachment name, DocuSign-style envelope, Dropbox or Drive notice, or QR code destination.
Payment or payroll request
Save new bank details, invoice numbers, routing instructions, gift card requests, wire instructions, refund demands, or direct deposit forms.
Remote-access details
Write down the app name, session code, phone number, website, support name, and what the person asked you to open or install.
Network and device context
Note the Wi-Fi network name, location, device used, browser, app, and whether a VPN or company access method was active.
Timeline
Record the date, time, what was clicked, approved, downloaded, changed, paid, entered, shared, or denied.
Do not store full passwords or full one-time codes in your notes. The goal is to preserve context without creating another sensitive record.
If something already happened
If you clicked a suspicious work link, entered a password, approved a login, changed payroll, paid an invoice, shared files, installed remote access, or used a suspicious Wi-Fi page, shift from prevention to response.
Contact real IT, security, payroll, finance, or the client contact if employer or client systems were involved. Change affected passwords through official systems. Check account sessions, recovery details, connected apps, and recent activity. If money moved, contact the bank, card issuer, payment provider, payroll provider, platform, or client finance contact quickly. Preserve the evidence first.
Use the more specific ScamClarity pages when they fit: phishing, tech support and remote access scams, fake invoice scams, job scams, phone or account concerns, or exposed personal information.
For U.S. reporting options, ScamClarity's United States reporting page explains how FTC ReportFraud, FBI IC3, IdentityTheft.gov, banks, platforms, employers, clients, and local law enforcement fit different situations.
Official sources used for this page
These sources support the remote-work, phishing, payment, account, Wi-Fi, and reporting guidance above.
- FTC fake remote job text alert
Supports caution with unexpected remote-job messages, fake recruiters, task scams, fake checks, and requests to send money before getting paid.
- FTC fake boss gift card alert
Supports verifying urgent boss messages through a known number or email and not sending gift card numbers or PINs.
- FTC fake invoice alert
Supports checking invoices, having clear approval procedures, and reporting phishing attempts and fake invoices.
- FBI business email compromise
Supports verifying payment and purchase requests, checking account-number changes, using multi-factor authentication, and reporting BEC to IC3.
- IC3 2025 Annual Report
Supports current context for phishing, spoofing, business email compromise, tech support fraud, and internet-enabled crime reporting.
- CISA phishing guidance
Supports checking suspicious links, looking for pressure, and using verified contact information instead of details inside the message.
- CISA MFA guidance
Supports stronger sign-in protection for email, remote access, billing, and other accounts even when passwords are exposed.
- NIST telework security basics
Supports following employer telework policies, using approved VPNs, keeping devices updated, locking devices, and contacting the help desk for suspicious activity.
- Microsoft phishing guidance
Supports treating suspicious Teams and email messages carefully, verifying through another channel, reporting phishing, and documenting what was shared.
- Google Workspace Drive phishing guidance
Supports the warning that shared files and automatic Drive notifications can be used to trick people into entering information.
- FTC tech support scam guidance
Supports not giving remote access to unexpected callers, pop-ups, or fake support messages and using trusted support channels instead.
- FTC public Wi-Fi guidance
Supports practical caution with public Wi-Fi, sensitive logins, fake pages, and safer account habits while using shared networks.
- Apple social engineering guidance
Supports not sharing passwords or verification codes, downloading software only from trusted sources, and contacting companies directly.
FAQ
How do remote workers avoid phishing?
Do not decide from the message alone. If a work email, Teams message, Slack note, shared file, QR code, or invoice asks you to sign in, approve, pay, download, or share information, open the official app or site yourself and verify through a known work channel.
What should I do before approving a work login?
Approve only logins you personally started. If a prompt appears unexpectedly, deny it, save the alert if possible, and check the official account activity page. If it involves an employer or client account, contact real IT or the account owner through a known channel.
How do I verify a payroll or direct deposit change?
Use the payroll portal, HR system, or known payroll contact. Do not rely on an email, chat, PDF, bank letter, or phone number included in the request. A payroll change should survive a separate check.
Is public Wi-Fi safe for remote work?
It can be fine for routine work when you verify the network, follow company rules, use the approved VPN or access method, and avoid sensitive changes on suspicious portals. For payroll, finance, admin access, and confidential files, switch to cellular or wait when the network feels wrong.
What if someone claiming to be IT asks for remote access?
Do not install software or share your screen from an unexpected message, pop-up, search result, or call. Start from the real help desk, company directory, ticketing system, or approved client support process and ask them to confirm the session.
What if I clicked a work file link?
If you only clicked and entered nothing, save the message and tell real IT or the client owner if work systems were involved. If you entered a password, shared a code, downloaded a file, approved a login, or granted access, shift to response: change the affected password, check account activity, and report it through the official channel.
What should freelancers watch for?
Watch for new clients who want to move off-platform quickly, overpay and ask for a refund, send fake checks, route payments through a third party, ask you to buy tools or equipment from their vendor, or rush you into opening files before the project and payment terms are clear.
What should I save if a work scam happens?
Save sender details, screenshots, URLs, shared-file links, invoice or payroll instructions, phone numbers, remote-access app names, Wi-Fi network names, account alerts, dates and times, and what was clicked, approved, downloaded, changed, paid, entered, or shared.