The fact that our mobile devices have become the key to our communication, finances, and social lives today makes them lucrative targets for cybercriminals.
The threat actors are constantly adapting their tactics to break into smartphones, regardless of whether they use Apple iOS or Google Android smartphones.
There are many types of threats, such as spam and malicious links sent via social media to malware that spy on you, compromise your banking service, or distribute ransomware on your device.
When an attacker sends you a fake or fraudulent message, that is considered phishing. (READ: SMS Spam Prevention Tips) It is not uncommon for cybercriminals to try and trick you into sharing personal information with them. Such as:
There are many avenues through which mobile devices are susceptible to phishing, including emails and social media messages, which are also used by PCs. In addition, mobile devices can also be a victim of smishing, which occurs when phishing attempts are sent over SMS text messages.
You can use any mobile device. Fraudsters and cybercriminals will take advantage of it. If you use a mobile device such as an Android or an iOS, you do not have to worry about phishing since it doesn’t matter.
How to Avoid? Unless you are sure that a link in an email or text message is legit, please do not click on it unless you are positive it is legitimate.
The physical security of our mobile devices is one of the essential security measures we often forget about. A device that does not use a PIN, pattern, or a biometric check, such as a fingerprint or retina scan, may cause our handset to become vulnerable to tampering if we do not use a PIN or patterns, or biometric check. It is also essential to keep in mind that your phone is at risk of theft if you leave it unattended.
How to Avoid? At the very least, secure your phone with a PIN or password to prevent your data from being accessed if it ends up in the wrong hands.
Often referred to as SIM swapping or SIM porting, this is taking advantage of a legitimate service offered by telecom brands when customers need to switch their SIM cards or telephone numbers from one operator to another.
Most of the time, when a customer wants to switch their telecom provider, they will call their provider and make the request. It is, however, more likely that a hacker will use social engineering to discover information about you that they can use to assume your identity. This can also trick customer service representatives into giving them access to your telephone number using information they find out about you, which includes your name, physical address, and contact details.
Cybercriminals can reroute your calls and texts to a handset they own if an attack is successful. Moreover, this also means that any two-factor authentication (2FA) codes that you use to protect your email account, social media account, or banking account, among others, will end up in the hands of these hackers.
SIM hijacking is a targeted attack since it requires physical effort and data collection. Nevertheless, they can be disastrous for your online privacy and security when successful.
How to Avoid? Use cybersecurity best practices to protect your data so that social engineering can’t take advantage of it. Ask your telecom provider to add a “Do not port” note to your file to avoid porting.
It is also possible for your mobile device to be infected with nuisance Trojan horses and malicious software that will make it send messages or make calls to premium numbers if installed.
A nuisance program is typically not harmful, but it still can be annoying and drain your battery power. An example of nuisance is malware found in apps (more commonly found in the Android ecosystem than in the iOS ecosystems), which will make your handset behave annoyingly. Although it does not pose a threat, it can show pop-up advertisements, interrupt your tasks with promotional messages, or open up pages in your mobile browser without permission.
As nuisance can generate ad impressions from users through their telemarketing calls, premium service dialers can even be more dangerous. While you will pay for these ‘services’ because you end up having to pay for this app, the attacker will receive money because the app contains hidden functions that will covertly sign you up for premium, paid services, send you texts, or make calls.
The developers of some apps are known to steal your device’s processing power for mining cryptocurrencies.
How to Avoid? To keep yourself safe, you should ensure that you download apps only from legitimate app stores and make sure that you carefully evaluate what permissions you’re giving them.
Hotel rooms and coffee shops are full of open and unsecured Wi-Fi hotspots. Although they are supposed to be customer service, they are also vulnerable to attacks because of their open nature.
Specifically, an open Wi-Fi connection could expose you to Man-in-the-Middle (MiTM) attacks on your handset or PC. Your handset is vulnerable to an attacker intercepting the communication flow between your handset and web browser, which can lead to the theft of your information, the delivery of malware payloads, and the hijacking of your device itself.
There is also the possibility of finding Wi-Fi hotspots called ‘honeypots’ from time to time. Known as open Wi-Fi hotspots, these are created by cybercriminals as free and legitimate spots to perform MiTM attacks on targets.
How to Avoid? Using a mobile network instead of public Wi-Fi is your best defense against viruses and other types of malware. If you must connect to them or have no choice but to join, consider using a virtual private network (VPN).
If you suspect your Android or iOS device is infected with malware. Here are the steps:
The latest firmware and operating system updates usually include security patches that can be exploited to spread malware or attacks. An antivirus app would be helpful, even if Google and Apple offer security protection. Norton, Avast, and Bitdefender are all options.
You should delete suspicious apps if you don’t recognize them or don’t use them. For example, removing the app may be sufficient to restore regular operation if your handset is infected with a nuisance. Also, it is highly recommended to avoid apps from third-party stores.
Android developers can offer malicious apps and malicious utilities, especially in the Android ecosystem. Also, always review your mobile device’s permission levels periodically. If you find them too extensive, revoke or delete them. These changes can come out of the blue for legitimate apps. Millions of devices were hijacked in one stroke by a famous barcode scanner developer in 2021.
Wi-Fi networks should never be public, open channels. Rather than using Bluetooth or GPS, turn off those features if you do not need them.
Delete any suspicious apps if you’ve received unexpected bills. Call your telecom provider if you want premium numbers and SMS messages blocked.
There are several options when your mobile device is locked by ransomware, and you can no longer access it.
ManilaShaker is a tech media producing insightful and helpful content for our local and growing international audience. Our goal is to create a premier Philippine digital consumer electronics resource that provides the most objective reviews and comparisons globally.
