Three Mobile Threats To Watch Out For

by | Nov 14, 2019 | Cyber Security | 0 comments

Cellphones Have Shaped The Current World.

Whether we’re talking about a smartphone or tablet, these devices have undeniably changed the the 21st century and it’s not going to slow down any time soon. Though while consumers are distracted by having access to a plethora of entertainment, cybercriminals are busy setting up shop to prey on unsuspecting mobile users. In recent years cybercriminals have ramped up their focus on mobile threats–some that most users may not even be aware of. A few of these devious cyberthreats are malicious apps, SMiShing, fake networks, and malicious applications, all of which have grown more and more inconspicuous over the years. This means users are going to need to get equipped with the knowledge to protect themselves when it comes to mobile cyberthreats.

SMiShing Hooks

I’m sure all of you already know what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMiShing. This growing threat allows cybercriminals to take advantage of messaging apps in order to send unsuspecting users an SMS message, or in other words a SMiShing message. The purpose of these messages is to obtain personal information, such as financial or login info. With that information, cybercriminals can impersonate victims to access their online banking, steal their identity, or obtain other personal utilities. 

What was once considered to be an infrequent threat, SMiShing is now considered to be among the most common of mobile threats. A significant reason that this has become so frequent is likely to be the widespread awareness when it comes Phishing, a more traditional threat that targets the victim’s email rather than phone number. The second, and much more obvious reasoning, is the rampant increase in mobile phone users over the past 5 years. This type of threat does is not likely to slow down any time soon, but there are still ways to avoid getting tricked by a SMiShing message.

Double check the supposed source of the message. For example, you receive a shortcode text from you bank due to a service or action that you do not recognize. Call the bank to make sure it was really them who sent out this message! Cybercriminals can also generate shortcodes on their own to get you to give them your personal banking credentials.

Delete potential SMSishing. Potentially obvious here, but always important to reiterate. If you believe a message you have received to be a possible SMiShing attempt, NEVER reply or click the links, as it could lead to you being flagged as a potential target and lead to more SMiShing attempts down the line. Just delete them immediately.

Be Wary of Public WiFi

Nowadays, free public WiFi is a common commodity, with some places even having city-wide Wi-Fi available for anyone to use. But these networks may not be the most secure and safe choice, given that cybercriminals can target them and exploit weaknesses in these networks to intercept chats, private credentials, or other personal info. Beyond just exploiting weaknesses, there are some cybercriminals that will take it a step further and create entire fake networks with common or unsuspecting names that trick users into connecting their devices to them. These networks are called “evil-twin” networks.

Only use password-protected networks. It might seem counterintuitive when you’re looking for public wifi, but if you purposely enter the incorrect password but are still allowed access, the network is most likely a fraud.

Use a VPN! (Virtual Private Network). While you’re using public Wi-Fi, add an extra layer of security in the event you accidentally connect to one of these phony malicious networks. VPNs will encrypt your online activity and private data and keep it away from those looking to steal it.

Malicious Apps: Hidden in Plain Sight

Fake and fraudulent apps have become rampant in both the iOS App Store and Google Play Store. This is mainly in part due to malicious apps hiding in plain sight inside these two legitimate sources for mobile applications. After all, Google and Apple wouldn’t let us download harmful apps, right? Right?? After the user downloads a malicious app, cybercriminals deploy the malware which typically operate in the background of their mobile devices, This makes it difficult for users to realize anything is wrong. And while they think they’ve only just downloaded another ordinary app, the malware is hard at work collecting their personal data.

Check for easily missed typos and odd grammar. You should double check the app developer name, as well as the title of the application and description for typos and grammatical errors. Malicious developers will often edit real developer IDs with small adjustments, even by just a single character.

Look at the download statistics. If you’re attempting to download a new popular app, but it has less download than you would anticipate, it’s likely a fraudulent copy. Developers of mobile threats will often hop onto any and all app trends.

Read the reviews. When it comes to malicious apps, user reviews are your best friend. By reading a few, you can receive the proper information that can help you determine whether or not the app is fake. It also doesn’t hurt to do a quick google search of the app name, which can often lead you to immediate results if the app is fake and notorious for being so.