Mobile Security: Trends & Threats

By Emily Andrews – Mobile use has become so vital that most people have their devices within arms reach 24/7. As a result, online threats have evolved to target mobile users. Scammers develop thorough campaigns that often go undetected by casualusers.

It’s important to educate yourself on the scam tactics that frequently happen. This article outlines the said threats and how best to prevent these attacks.

Most Common Mobile Security Threats

Telephone Scams

These scams prey on a person’s kindness or fear. Most perpetrators will demand a money transfer or will request your private information. This includes your passwords, social security number, home address, or birth date

The perpetrators will make up fake scenarios that usually cause you to feel a sense of urgency. Some common fake situations they will use are:

• Pretending to be the IRS (especially during tax season)
• Robocalls or automated phone calls presenting you with deals too good to be true
• A family member in distress (targeted more towards the elderly)
• Relief and charity initiatives. This will happen most often during national disasters.
• Tech Support calls
• Notification of debt like credit card debt, insurance, car payments, etc.
• Impersonating bank employees or utility companies
• Lottery, travel, and prize money scams

Perpetrators can also easily spoof numbers. They can appear to be local or even seem to legitimately be from the institute they claim to be. Do not fall victim to the sense of urgency. If anything seems suspicious, trust your instinct and take a moment to check the validity of the phone number.

You can do this by using a reverse phone number finder. This type of online tool will search a massive database and give you information about the phone number that contacted you. You can then confirm the caller’s legitimacy and if they are indeed who they say they are.

Read: Your worst nightmare, Malware on Android devices

Social Engineering

Social engineering is a broad term. It’s a way for cybercriminals to manipulate human emotions to get users to give up sensitive information. Sometimes the aim is to spread malware/spyware/ransomware or even gain access to restricted information and systems.

There are many social engineering techniques, but this article will outline just two. These are phishing and smishing. Phishing involves research on the criminal’s behalf. They will pretend to be from a trusted institute like a bank. They will also prepare enough to appear credible when contacting you. Again, their aim is to get sensitive information such as passwords, credit card details, and so on.

The emails they send contain malware in the form of downloadable attachments or suspicious links. Some malware can then grant criminals access to your PC remotely, allowing them to use/see anything on your laptop. Without you knowing, they can conduct an entire account takeover.

Read: Top 10 Mobile App Development Frameworks in 2021

SMS phishing or smishing is a way to use text messages to conduct fraudulent activities. It could be an SMS from your ‘bank’ prompting you to click a link. The link appears to be the login page of your online banking profile. However, it is a fraudulent copy of the website designed to get your username and password. Refrain from clicking links in these types of messages.

Malicious Apps

When most people download a convenient mobile application, security is an afterthought. Malicious apps will take the form of a harmless game or life-enhancing application. However, beneath the surface, they are gaining intel.

Legitimate applications ask you for permission to your microphone, gallery, contacts, and GPS location. In the case of a malicious app, granting this permission results in a dangerous data breach.

Some common indications that an app is malicious are:

• Your phone overheats and your battery doesn’t last very long
• You are running out of data at a much faster rate
• Other applications have spontaneously installed themselves on your phone without your authorization
• The application has a lot of pop-up ads
• Your phone’s performance is greatly reduced

If you have downloaded malware disguised as an app, all is not lost. You can backup the content on your phone to the cloud and then reset the device. This is the case for iOS users. You will however need to redownload all of your legitimate applications after the reset.

Spyware through Advertisements

Also referred to as malvertising, malicious advertising campaigns are present even on the most legitimate and popular of websites. Most of the attacks occur after a user has clicked on the malicious advert. However, simply visiting a website that hosts one can infect your PC (without even clicking the advert). The latter is known as a ‘drive-by download’.

These campaigns also aim to get your sensitive (often financial) information. They may get your credit card information via a fake form or infect your PC with a virus. The main solution to this problem is to use an ad blocker or a VPN that has ad blocking options. Many VPNs have standard anti-spyware and anti-malware functionalities. You can also make use of reputable anti-virus software on the market.

Read: Best spy apps for Android phones

Unsecured Networks

Unsecured networks require no password to gain access. They also have less encryption over the network. Sometimes users assume that this open network is owned by the facility they’re close to. However, some cybercriminals set up these open networks to lure in potential victims.

This means that any unencrypted data you send can be accessed by these people. Unencrypted text messages, login credentials, images, and emails are now easily obtainable.

To prevent these issues you can make use of a good firewall, anti-virus software, and a reputable VPN. Additionally, you can ask the facility you’re at if they have open wifi and what the name and specific login details are.

Old Operating Systems and Software

Operating system updates can be very inconvenient, but the new versions often come with improved source code. These improvements can be general upgrades but they also roll out security patches. Whether you use Android or iOS, Windows or Mac; you cannot avoid the need to upgrade.

Keeping an old operating system for the sake of comfort or familiarity is a massive compromise. It is a hole in your security system. Cybercriminals will go after those with outdated software as they’re easy targets. The vulnerability they pose is too tempting to pass up.

How to Prevent These Attacks

Take a look at some actionable steps you can take to protect yourself against cyber threats

• Encrypt all data – You should start with encrypting the data on your laptop/desktop. You can do this via full disk encryption (FDE). For Windows, you can use BitLocker and for macOS, you can use FileVault. Be sure to also encrypt your emails as well as all of your internet traffic.
• Use VPNs when forced to connect to public networks – Virtual private networks (VPNs) are aimed at maintaining your privacy and online anonymity. Additionally, they have anti-spyware and anti-malware features, ad blockers, and encrypt your internet traffic.
• Use Multi-factor authentication – Multi-factor authentication is when a user has to use multiple (often 2) ways to confirm their identity. It could be a password as well as a text message sent to their phone with a randomized pin number. This second layer of confirmation can prevent hackers from gaining access even if they’ve managed to get your username and password.
• Continuously backup and clean up – Remove data off of your devices as often as possible. This could mean deleting unnecessary applications, uninstalling software, and moving data onto external/cloud storage. Much like you would shred sensitive documentation, you should also delete soft data whenever possible

Take Some Action

Doing everything to protect yourself may seem overwhelming at first. If that is the case, just make use of a few of the listed tips to start. As you get comfortable with being vigilant, you can layer on even more security.

You are now more aware of the cybercrime trends and what these criminals look for most frequently. If you protect yourself even just slightly more than the average person, chances are you won’t fall prey to their tactics!

 

Emily Andrews is the marketing communications specialist at RecordsFinder, an online public records search company. Communications specialist by day and community volunteer at night, she believes in compassion and defending the defenseless.