Are you ready for a little bit of techno-nostalgia? Do you remember when you held your first mobile in your hand and dialed the first number? Who did you call? Do you still have that person’s number?
If your memory is blurry, stick with the history of telecommunications’ facts: on this day in 1973, a Motorola engineer named Martin Cooper made the first call ever on a handheld cellular phone that looked like a shoe, while taking a walk on a New York street. Well, now imagine you work for the company that created this tech miracle. No wonder the first person Martin called on this mobile was an engineer from the competition, Joel Engel from Bell Laboratories / AT &T. And, like a typical rival, Joel still doesn’t remember this call.
And if you always complain about your smartphone that needs constant charging, remember that the first Motorola cell phone required 10 hours of recharging for a 35 minute conversation.
Today everybody uses at least one mobile phone and when it comes to cybercrime, your mobile phone isn’t exempt. When any device is connected to the internet, as most phones are, the users of those devices face many of the same threats as desktop computer users.
Many of the cyber threats that face mobile devices are simply the mobile version of threats that face desktop computers. Still, it’s helpful to review these threats and some of the ways the attacks are customized for mobile devices.
Mobile Ransomware. Ransomware is a type of malware that locks up your device. Once you’ve been infected, you lose your ability to access all of the data on your phone until you pay a ransom to the criminal. Depending on the type of ransomware, you could lose your call history, contacts, photos, messages, and many basic phone functions. Even if you pay the ransom, there’s no guarantee that your device will be fixed, so it’s best not to buy any software that pops up during a ransomware attack.
Scareware is similar to ransomware. The difference with scareware is that you don’t lose your access to data. Instead, a pop-up or similar message attempts to scare you into believing you’ve been infected by a virus. The scareware will advertise software to combat the viruses, but that software itself is the virus. The key is to do nothing—as long as you don’t download the scareware or give out any personal information, you won’t get a virus.
Spyware and Drive-By Downloads. Not all malware is as obvious as ransomware. Some malware is designed to go unnoticed, and these viruses are known as spyware. Spyware can be installed on your device without your knowledge by hackers. It can also be accidentally installed while browsing the internet. This is known as a “drive-by download.” You think you’re simply visiting a website, but the site clandestinely installs spyware on your device. Once it’s on your device, spyware can track your device use and extract personal data like locations and passwords. Whatever the spyware collects is sent back to the cybercriminal who created it.
Malicious Apps or “Riskware”. There’s an app for everything, but not all of those apps are convenient tools or benign entertainment. That time-killing game you downloaded might be fun, but it might also be collecting intimate details about you and sending them to advertisers or bad actors. These apps ask for permissions and data access under the guise of improving the app experience, but what they’re actually doing is mining data to sell. Falling victim to these scams is known as “data leakage.” At best, this scam results in increasingly invasive ads. At worst, sensitive data could end up in the hands of criminals who use it to steal your identity.
Phishing and Smishing Scams. Phishing is a common cyber scam that costs victims millions of dollars every year.2 Phishing can be broad and crude or targeted and specific, but in general, the scam starts as an email that appears to be from a business or person you know. It contains a link and asks you to input some information, such as a confirmation of account information. However, the email isn’t actually from the entity you know, and any information you enter goes straight to the scammer.
This may sound like an easy scam to avoid, but phishing emails can be advanced. It’s easy to mistake them with the real thing. In some ways, mobile devices heighten this threat. Users may be more likely to quickly open up an email if they get an alert on their phone, as opposed to desktop users who purposefully sift through their inbox. “Smishing” or “SMiShing” is a new take on the phishing scam. The scam plays out the exact same way, but instead of using email, the scammers use text messages (the “SMS” in “SMiShing”).3
Free Wi-Fi Can Pose Threats. It may seem like a nice perk for a coffee shop or transit terminal to offer free wireless internet, and it is, but it’s also a potential threat. Free Wi-Fi is often unsecured, which allows hackers to place themselves between your device and the Wi-Fi hotspot.4 Anything you do online while using the free connection could be intercepted by bad actors.
Luckily, you aren’t powerless when it comes to cyber threats. In many cases, due diligence will go a long way in stopping the attack before it begins. In order to protect yourself from these mobile device attacks, keep the following steps and tips in mind.
• Consider Security Software for Your Device
Just like how you can download antivirus software for your computer, you can do the same thing for your mobile device. Consider using security software that will protect your phone from malware and riskware. Some security software also comes with password managers, which can help keep your login information safe.
• Create Better Passwords
If you still use passwords such as your pet’s name or address, you have to start getting serious about your security. Make passwords at least eight characters long (the longer, the better), and combine letters, numbers, and symbols. Do not include any information that might be guessed, such as the name of your child or dog. Long chains of random characters are best. If you have trouble remembering passwords, don’t make the passwords simpler. Instead, consider using a password manager.
• Keep Software Updated
Update your software on your device when prompted. These updates often include fixes to security vulnerabilities. They’re usually quick, too, and failing to run them can create an easy opening for hackers.
• Check Bank Statements and Mobile Charges
The vast majority of identity theft cases and cybercrimes involve financial fraud. That’s why you need to regularly check your mobile charges, bank statements, and any other financial accounts you have.
Scrutinizing financial records goes beyond mobile device security, and it should be a routine part of your security habits.
• Beware of Unfamiliar Apps
Before downloading a new game to kill time, do a little research on the app and the app’s developer. Carelessly downloading apps invites spyware, ransomware, and data leakage. By carefully researching what you’re downloading before you download it, you can prevent many of these attacks. Simply plugging the developer’s name into a search engine could help raise red flags on suspicious software.
• Turn Off Unnecessary Features
Turn off any features you don’t need at that moment. For instance, if you are not using GPS, Bluetooth, or Wi-Fi, turn them off. This is especially important in public spaces, such as in places with free Wi-Fi. If you do decide to use free Wi-Fi, avoid accessing sensitive information through the network. For example, don’t do your banking or pay bills on a public, unsecured network.