Mobile activity accounts for roughly half of all web traffic worldwide. While we are vigilant on our desktops and laptops with cyber security and antivirus software, mobile security is far less considered. Given that cyber criminals are ruthlessly opportunistic, mobile-targeted attacks have risen sharply over the last decade.
Is the Wi-Fi network you are connected to completely safe? What about that app you just downloaded? Are you sure it is from a trustworthy source, or could it be stealing your data?
Here’s some of the biggest mobile threats that you should be looking out for.
Unsecured Wi-Fi
No one wants to use up their data when wireless hot spots are available, but free public Wi-Fi networks are usually unsecured. This means others can potentially view information you are sending and receiving while you are connected to a public Wi-Fi network, like in a hotel, at the airport or in a café. To be safe, try to avoid using public Wi-Fi unless you absolutely have to and even then, never use it to access confidential or personal services, like banking or email.
Smishing Attacks
A smishing attack is similar to a phishing email attack, but this attack will come through in the form of an SMS on your phone. The SMS will be from a random number, often asking you to click through to a link asking you for more information. The message could be in the form of a threat that asks you to take action or pay money, or be a notification that you have won a prize and you need to enter your details to claim it.
If you receive any such text, delete it and block the number. You can also report the text to the Australian Communications and Media Authority (ACMA) by forwarding the message to ACMA on 0429 999 888. Read more about smishing here.
Spyware
Is someone spying on you? If you leave your phone unattended and unlocked, even for a moment, people can use this opportunity to install spyware on your phone. This could be done by an acquaintance, a stranger, a colleague or even a partner. Mobile spyware is software that can be installed on a mobile phone that will allow someone else to remotely monitor activities on the phone. This mobile treat is considered a form of abuse and it is illegal.
Spyware can monitor:
- Call history, including phone number, date, and length of call
- Internet browsing, including history and bookmarks
- Email downloaded onto the phone
- Text messages, including phone number and content
- Contacts
- Location of the phone
- Photos
- Certain messaging apps, such as WhatsApp, Viber, Skype
- Phone conversations
- Using the phone’s microphone to record the phone’s surrounding
If you suspect Spyware has been installed, go to the police. You can also reset the phone to the factory settings which should remove the spyware from the phone.
Mobile Malware
This is malicious software in the form of an app that will breach your private data. Mobile threats on apps are often the cause of unintentional data leakage. These are typically free apps found in official app stores. They send personal data to a remote server, where it is mined by advertisers, and sometimes, by cybercriminals. To stop an app from divulging your personal information, only give apps the permissions that they need in order to function.
For example, does a weather app need to access your microphone? Does a game need access to your emails? The answer is almost always no. Photo-editing apps and filter apps will need to access your photos, so only use photo apps from reputable developers. If an app is asking for access to data it doesn’t need to function, uninstall it.
Imposter Apps
Even though these are regularly removed by administrators on app stores, imposter apps keep popping up. These apps pose as official banking, social or email apps in order to gain access to your personal information. They mimic the look and functionality of the intended app so they appear trustworthy.
To check the legitimacy of an app before you download it, check the reviews. If the app rating is low with multiple complaints, it is likely suspect. Look for grammar mistakes in the app description – another sign it is not professionally developed. Also, check the number of downloads. Legitimate Android and Apple apps have millions or even billions of downloads. If you see a popular app with only several thousand downloads, it’s most likely a counterfeit. If in doubt, don’t download.
Hidden Ads Trojan Apps
Are you getting popup advertisements on your phone? You might have a hidden ad trojan. When some apps are downloaded, they may have in-built malicious software that brings up advertisements on your mobile.
If this is happening to you, check the apps you have downloaded recently. Are there any app icons that you don’t recognise, or are there icons that look to be masquerading as phone icons – such as settings, camera or messages? Do a full sweep of your phone and uninstall any apps that you don’t need. If the issue keeps happening, you may want to restore your phone to factory settings.
Spoof Networks
While we don’t recommend using public Wi-Fi, it can sometimes be unavoidable. Spoof networks are set up to mimic Wi-Fi networks in the same location, but will harvest your information for criminal use. These networks may appear to be generic with names such as “cafe”, “hotelguest” or “freeairport”. They may even mimic the name of the business where they are located.
If you do need to use public Wi-Fi, make sure the Wi-Fi you are using is as trustworthy as possible, so ask the staff at a hotel or café for the name of the Wi-Fi and never download anything the network asks you to.
Want to know more?
Ask Evologic how we can help improve mobile threats for your business, including educating your staff on best practice. Contact us here or call us on 1300 887 778.
