We’ve put together a collection of practical tips on how to keep your phone safe from cyberattacks. Following all these rules may not give you a hundred percent guarantee of avoiding unpleasant situations associated with cyberattacks, but at least reduce the risks and give an understanding of what exactly is wrong with your phone.
Email address
As well as messages and other communications, our smartphones now store all our information – from bank details to photos and social media. This makes them an ideal target for cyber criminals. With billions of smartphones in use worldwide, it’s impossible to avoid all cyber attacks. Especially since cybercriminals are constantly updating their methods of hacking our devices, be it Android smartphones or iPhones. Spam, phishing, malware, and ransomware are just some of the threats that exist, and every year, cybercriminals’ methods become more and more sophisticated.
Phishing and its variations
Phishing is a technique that involves sending fraudulent messages. The purpose of these messages is to induce the user to provide personal information, such as bank or account IDs, or to click on a link that will cause malware or spyware (tracking software) to involuntarily download and run on their device.
Varieties of phishing include smishing (text message phishing) and vishing (voice phishing). Smartphones, unlike computers, are particularly vulnerable to these types of phishing. In some cases, attackers first conduct surveillance. This is known as spear phishing. This type of phishing usually targets influential individuals and can be motivated by financial or political ambitions.
Vishing is another attack vector that is gaining popularity. Attackers using this method utilize voice services to trick their victims. They can leave voice messages, use automated calls, voice-altering systems, etc. to trick people into providing sensitive information.
How you can protect yourself
Only click on links or attachments in emails you receive if you are absolutely sure of what they contain. For example, check if the sender is who you think they are. If the message encourages you to visit a website, look up its address in a search engine or use your favorites.
Also be wary of unexpected calls or voicemails, especially from unfamiliar numbers, and consider them suspicious until you have evidence to the contrary. Don’t call back or reply to text messages that seem suspicious to you.
The physical vulnerability of your smartphone
It seems obvious, but it is increasingly forgotten: the physical security of our mobile devices. Therefore, a smartphone should always be locked with an access code, pattern or biometric data (fingerprint or facial recognition) so that ill-wishers cannot unlock it without the owner’s consent. For example, in case of theft.
At the very least, protect your phone with a password or access code. Then, if it falls into the wrong hands, your data and accounts will be inaccessible. If you want your device to be more secure, activate security features in your mobile OS so that if it is lost or stolen, you can locate, lock or wipe it.
SIM swapping
SIM spoofing, also known as SIM hijacking or SIM portability. Attackers use social engineering to gather information about their victim and then contact their operator to take possession of their number, particularly by obtaining a new SIM card. If the attack is successful, the cybercriminal can redirect the victim’s phone calls and text messages to one of their devices. They can then also use two-factor authentication, where the phone number has been registered as a second factor, to log into their accounts (email, banking, social media, etc.).
SIM hijacking is usually targeted because it requires data collection and physical impact. However, if successful, such an attack can be devastating to the victim in terms of both privacy and online account protection. You can also ask your operator not to send you a new SIM card – unless you come to collect it in person. This advice will be especially useful if your phone number has been leaked. To find out if your details have been leaked, use the Have I Been Pwned service.
Malicious apps
Smartphones are also at risk of malware that causes them to make calls or send messages to paid numbers without the owner’s consent. Malware is malicious software that hides in apps. They are more common in the Android ecosystem than in the iOS ecosystem and cause unexpected behavior on the victim’s device. While this behavior is not necessarily dangerous, it can drain the device of power, flood it with ads or surveys, and view web pages or videos without the user’s consent. Typically, such malware is designed to fraudulently generate revenue for its creators, such as clicks and ad impressions.
But there are also more sophisticated malware programs that contain hidden malicious features. In particular, they can allow the victim to subscribe to paid services. For example, the device can send text messages or call premium numbers. The victim pays for these services and the attackers pocket the money.
Computing resources
Finally, some apps stealthily use the computing resources of their victims’ devices to mine cryptocurrency. Such apps sometimes slip through the security net of the app store. In the past, some of them have been discovered in official app repositories, particularly in the Google Play Store. The problem is that cryptocurrency mining code can also be found in legitimate apps such as mobile VPNs, games, and streaming programs.
If your device overheats or your battery drains much more after downloading a new app, you may have fallen victim to malicious activity. Run an antivirus scan and/or uninstall any suspicious apps.
Open Wi-Fi networks
Open, unsecured Wi-Fi hotspots are everywhere in hotels, restaurants, and airports. These open networks are used by establishments to provide services to their customers, but their nature also makes them vulnerable to attack. Specifically, over an open Wi-Fi connection, a mobile device can fall victim to a man-in-the-middle (MiTM) attack. A cyber attacker intercepts the communication flow between the phone and the browser, steals information, transfers the payload in the form of malware, and eventually takes over the device.
There are also Wi-Fi hotspots created by attackers – so-called “honeypots” – disguised as legitimate free hotspots. Their sole purpose is to enable MiTM attacks. So try not to connect to unknown Wi-Fi networks, but use only trusted ones that you are sure of.
How you can protect yourself
Avoid using public Wi-Fi networks, preferring mobile networks. If you do need to connect to a public Wi-Fi network, use a VPN. However, for any sensitive transactions, such as using a banking app, switch to a cellular connection.
Trojans and banking malware
There are countless variations of phone malware, but Google and Apple’s basic defenses stop many of them at the root. However, of all the malware families you need to know about, Trojans are at the top of the list.
Trojans have been designed specifically to steal data and gain financial gain. Some of the mobile variants include Zeus, TrickBot, EventBot, MaliBot, and Drinik. More often than not, these malware programs are downloaded by the victim on their own, as they pretend to be a legitimate application. However, once installed on the device, they hide the windows of real banking apps to steal identifying information (such as a password or PIN). This information is then sent to a cyber criminal who uses it to rob your bank account. Some of this malware can even intercept 2FA verification codes sent to your mobile device.
Update your device regularly – in particular, be sure to install security and firmware updates. Activate security features on your Android smartphone or iPhone. Only download apps from safe sources (App Store, Play Store). If you believe your device has been compromised, stop using banking apps, disconnect your internet connection and run an antivirus scan.
Mobile Device Management
Mobile device management (MDM) solutions allow companies to manage their employees’ devices. Specifically, they provide employees with secure channels to access corporate resources and software, extend enterprise network security solutions and analytics to each device, and block malicious links and websites. However, if a central MDM solution is compromised or hacked, every mobile device is also at risk of losing data, being monitored, or being intercepted.
By their very nature, MDM solutions take control of devices away from end users. As a result, you cannot protect yourself from compromise by MDM. However, you can maintain basic security hygiene on your device, keep it up-to-date, and prevent personal apps and information from being used on work devices. Access to your smartphone means access to all your data, photos, sensitive documents and apps. That’s why it needs to be locked, just like the front door.
What you can do to protect your device
Run a virus scan. Start by updating your device to install the latest security updates, especially for firmware. While both Android and iOS have built-in protections, you can also download an antivirus app to check the status of your device. If you don’t want to pay for a license, most antivirus programs offer a free version.