Is your mobile phone vulnerable?
From iPhones to Android phones, the proliferation of smartphones has made consumers more vulnerable to scams aimed at getting banking and other personal information. So far, the attacks aren’t as widespread as they are on the Internet, but they are expected to increase as more consumers use their smartphones to conduct banking transactions.
“The bad guys out there want to target the platforms that give them the biggest bang for their buck,” says Andrew Hoog, chief investigative officer at viaForensics, the Chicago-based digital forensics and security firm. “The new juicy target is smartphones.”
Many smartphone users use their phones for work as well as pleasure. That means scam artists have access to potential business information and personal data that can compromise someone’s identity.
Mobile phishing attacks
Just like the Internet, a longtime platform for scams, smartphones are becoming similarly susceptible to attacks. While many people are trained to be wary of unsolicited emails, people tend to have their guard down when it comes to text messages and phone calls, says Mark Kanok, senior product manager at Symantec, a security software company in Mountain View, Calif.
“It’s surprising that people are more trusting when they hear a live voice even though they are asking for fairly sensitive information in an unsolicited fashion,” says Kanok. That trust exposes people to scams, including a mobile phishing attack called “smishing.”
In this scam, a smartphone user will receive a text or phone call from what appears to be a bank or other company, urging the user to call a phone number or visit a website. Once the call is placed or the target visits the website, he or she will be asked to give sensitive information. With that information, the scammer can open up credit cards and bank accounts, wreaking havoc on the victim’s identity and financial standing, Kanok says.
Smartphone apps have hidden dangers
With the adoption of smartphones came the emergence of applications that people can download to their smartphones. Most of these apps are legitimate, but some apps are fake, designed to steal information or use the phone to fraudulently make money, says Tom Field, editorial director for the publisher Information Security Media Group, based in Princeton, N.J.
In one scheme, fraudsters created a mobile banking app that appears legitimate but is a device designed to capture sensitive banking data. In another, Kanok says the smartphone user can be tricked into downloading what he or she thinks is an app but is really software that sits in the background of the phone sending out text messages to a premium rate telephone number.
At the end of the month, unexpected phone charges show up on the phone bill. It’s similar to a TV show where you are charged to text in your vote for a particular contestant. Here, you don’t know you are making phone calls or how many times, and the person who set up the phone number walks away with the money, says Kanok.
Surf with caution
Even surfing the Web on a mobile device using a public Wi-Fi hot spot can make you vulnerable to an attack. According to Hoog, it’s very cheap and easy for a fraudster to buy a wireless router and give it a name, say Starbucks or another well-known access point. You could be in Starbucks sipping your latte thinking you are checking your bank account on Starbucks’ network. But you are really surfing the Web via the network the fraudster sitting 50 feet away created to grab your sensitive information, he says.
“It is relatively easy to sniff out logins and passwords in public Wi-Fi settings,” says Kanok. “It might be someone sitting in the corner pretending to be at a T-Mobile HotSpot.”
How to protect yourself
There are steps you can take to protect yourself from a smartphone attack. Field says to avoid unsolicited text or email requests, especially of a financial nature. Instead, play it safe and call the financial institution directly. Field also says to download the mobile applications offered by your bank rather than from third parties.
“You want to go with something mother-tested and mother-approved,” Field says.
When surfing the Web with a mobile phone, Hoog says people should go through their data network provider instead of a Wi-Fi hot spot. It will cost you more, but the carrier’s network is more secure, he says.
If you get a text asking you go to a website, do a Google search to make sure the URL is legitimate, Hoog says.
Also, make sure your phone is password-protected, should you lose it. Many smartphones can be set up to automatically wipe all data from the phone after you make a certain amount of attempts to log in, Hoog says.
“The thing consumers have to remember,” Field says, “is that schemes and scams are evolving daily, and it’s a cat-and-mouse game with fraudsters.”