Communication is an essential part of human life. In fact, every living thing communicates in one way or another through different media. For human beings, however, the mobile phone, otherwise known as the handset, has become the commonest and easiest means of communication in this twenty-first century. Mobile phones, like other mobile devices, can be used to send and receive information. This information comes in the form of phone calls, short message service (SMS) texts, emails and so on.
These devices also play vital roles in our financial and social lives, since they can store most of our personal biodata. As a result, threat actors are constantly evolving their tactics to break into them. This includes everything from basic spam and malicious links sent over social media to malware capable of spying on you, compromising your banking apps, or deploying ransomware on your device.
Knowing this, it is important that we take some precautionary measures to avoid falling prey to scammers on our mobile devices.
Below are some of the common mobile phone security threats and how to avoid them.
1. Phishing and Smishing
Phishing occurs when attackers send you fake and fraudulent messages. Cybercriminals do this primarily to lure you into sharing personal information, clicking malicious links, downloading and unwittingly executing malware on your device, or sometimes handing over your bank, PayPal, social network, email, and other vital account information.
Mobile devices are subject to phishing through every avenue PCs are, including email and social network messages. However, mobile devices are also vulnerable to smishing: fake text messages that claim to come from reputable companies in order to gain access to personal details such as passwords. Both Android and iOS devices are vulnerable to this threat.
It is recommended that you do not click on links in emails or text messages unless you can be 100% sure that they are from a legit source.
2. Physical Security
This is one of the major ways to secure our mobile phones and other digital devices, but unfortunately many people forget it. We can secure our phones physically through a PIN, a pattern, or a biometric check such as a fingerprint or retina scan. These physical security measures are simple and free. If, on the other hand, you ignore these measures, you are making your handset vulnerable to tampering. In addition, if you leave your phone unattended, it may be at risk of theft.
Always ensure that you lock down your mobile phone with a strong password or PIN, at a minimum, so that if it ends up in the wrong hands, your data and accounts can’t be accessed.
3. Ransomware in Mobile Phones and Other Devices
Ransomware is one of the biggest cybersecurity problems on the internet and one of the biggest forms of cybercrime that organizations are facing today. Ransomware is a form of malicious software (malware) that encrypts files, directories and documents on anything from a mobile device or a single PC to an entire network, including servers.
Victims are left with few choices since they have been locked out of their phones and devices. They can regain access to their encrypted network by paying a ransom to the criminals behind the ransomware attack, restore data from their backups, or hope that there is a decryption key freely available. Otherwise, they start again from scratch.
The ransom is commonly demanded in cryptocurrency through a blackmail landing page. Cryptolocker and Koler are prime examples. Infection can also come from clicking website links that look innocent but are disguised to attack you; if you fall victim, your device can be encrypted in a minute.
It is recommended that you keep your phone up-to-date with the latest firmware. Your Android or iOS handset’s fundamental security protections should be on, and you should not download apps from sources outside official repositories.
4. SIM Swapping and Mobile Phone Security
SIM swapping is a legitimate service offered by telecommunication companies when customers need to switch their SIM and telephone numbers between operators or handsets. The abuse of this service by fraudsters is what is called SIM hijacking.
An attacker will use social engineering and the personal details they discover about you, including your name, physical address, and contact details, to assume your identity and dupe customer service representatives into giving them control of your number.
In successful attacks, a cybercriminal will be able to redirect your phone calls and texts to a handset they own. Importantly, this also means any two-factor authentication (2FA) codes used to protect your email, social media, and banking accounts, among others, will also end up in their hands.
SIM hijacking is usually a targeted attack, as it takes data collection and physical effort to pull off. However, when successful, it can be disastrous for your privacy and the security of your online accounts.
Hence, be alert and protect your data through an array of cybersecurity best practices so that it can’t be used against you via social engineering. Consider asking your telecom provider to add a “Do not port” note to your file (unless you visit in person).
5. Nuisanceware and Premium Service Dialers
Nuisanceware is malware found in apps, mostly on Android devices, which makes your handset act annoyingly. The malware will force the device to either make calls or send messages to premium numbers. It may not always be dangerous, but it is still irritating and a drain on your power. Nuisanceware may show you pop-up adverts, interrupt your tasks with promotions or survey requests, or open up pages in your mobile browser without permission.
While nuisanceware can generate ad impressions through users, premium service dialers are worse. Apps may contain hidden functions that will covertly sign you up to premium, paid services, send texts, or make calls, and while you end up paying for these services the attacker gets paid.
Some apps may quietly steal your device’s computing resources to mine for cryptocurrency.
One of the best ways to avoid this is to download apps only from legitimate app stores and to carefully evaluate what permissions you’re giving them on your device.
6. Open Wi-Fi
Public and open Wi-Fi hotspots are everywhere, from hotel rooms to coffee shops. They are intended to be a customer service, but their open nature also makes them prone to attacks.
Specifically, your handset or PC could become susceptible to Man-in-The-Middle (MiTM) attacks through open Wi-Fi connections. An attacker will intercept the communication flow between your handset and browser, gaining access to your information, pushing malware payloads, and potentially allowing your device to be hijacked.
You also come across ‘honeypot’ Wi-Fi hotspots every so often. These are open Wi-Fi hotspots created by cybercriminals, disguised as legitimate and free spots, for the sole purpose of performing MiTM attacks.
Avoid too much use of public Wi-Fi that you do not know much about. Instead use mobile networks. If you must connect to them, at least consider using a virtual private network (VPN), and also ensure network protection on your mobile phone.
7. Trojans and Financial Malware
There are countless mobile malware variants, but Google and Apple’s fundamental protections stop many in their tracks. However, of the malware families you should be aware of, trojans are number one.
Trojans are forms of malware that are developed with data theft and financial gains in mind. Mobile variants include EventBot, MaliBot, and Drinik.
Most of the time, users download the malware themselves, which may be packaged up as an innocent and legitimate app or service. Once downloaded on your handset, it overlays a banking app’s window and steals the credentials you submit. This information is then sent to an attacker and can be used to pillage your bank account. Some variants may also intercept 2FA verification codes. The majority of financial trojans target Android handsets. iOS variants are rare.
To avoid being a victim, try to keep your phone up-to-date with the latest firmware. Keep your Android or iOS handset’s fundamental security protections on, and don’t download apps from sources outside official repositories. If you suspect that your phone has been compromised, stop using financial apps, switch off your internet connection, and run both a personal check and an antivirus scan immediately.
From the foregoing, it is obvious that our mobile phones and other devices are always at risk. It is up to you to protect your device from malicious attackers to avoid compromising your personal data. It is of the utmost importance that we know the links we click and the apps we download, to avoid risking our useful information, the loss of which could wipe out one’s bank account and cause other privacy-related issues.