Let’s face it, in today’s world it’s difficult not to check your mobile device frequently. On top of using devices for communication purposes, they can be used for anything else you can think of too. Lost? Just open your maps app. 

Looking for a place to eat in a new location? There’s an app for that too. Endless information and tools come from these devices, leaving tons of tiny locations hackers can penetrate.

According to new research from mobile security company Lookout, “the rate at which victims are falling for phishing attacks on mobile has increased an average of 85% a year, every year since 2011.” Particularly since the rise in Bring Your Own Device (BYOD) policies in the workplace, mobile devices have changed the game for hackers. 

Think about how much important information is stored on your phone. Do you use a bank app? What sensitive information have you shared in your email? 

It’s important to use best practices and stay alert to cybersecurity risks and social engineering at all times. The security of your data depends on it.

Forms of Mobile Phishing

SMS Phishing or Smishing

Mobile phishing is a type of phishing attack that targets victims through their mobile devices. One of the most popular forms of SMS phishing scam, also known as smishing, is a malicious link sent through an SMS text message. Have you ever received a text from an unknown number in your area code saying you are the lucky winner of a contest? Well, you didn’t win, and please don’t click that link.

Anyone who’s already clicked that link unfortunately knows that it was sent by a cybercriminal. An annual Phishing Trend Report performed by Phishlabs noted that most people open and read texts reflexively, and don’t expect to receive malicious messages.

Additionally, SMS phish are more difficult to track and respond to than traditional phishing attacks. This is because the routing that leads to a text landing in your queue is not accessible. The only way to report this kind of attack is through screenshots, which can only provide limited data.

Before you click on any link in a message you’ve received, take a second to look for the signs. These could be errors in spelling or punctuation, an offer that is too good to be true, an attempt to get you to act quickly, or a lack of personal information. From a business standpoint, having a Mobile Device Management solution in place is a necessity. Otherwise, hackers can steal personal details of your team members and things like credit card numbers, usernames, and passwords.

Mobile Apps

Another popular form of mobile phishing involves bank apps. If you have a smartphone and a bank account, you’re most likely using your bank’s mobile app. A new survey from Avast, a multi-national cybersecurity firm, found that one in three worldwide users mistakenly believed that a fake mobile banking app was the real thing.

There is nothing more enticing to a phisher than your bank account credentials. Phishers create kits that allow them to bypass security checks, mainly on Android devices.

In one recent attack, cybersecurity company Lookout uncovered a new kind of phishing attempt that targeted mobile users. In this particular attack, the victims received a phishing message through their device alerting them of unusual activity on their bank accounts. Those who fall for the trick are then led to a fake website.

This fake website was designed to look almost identical to the bank’s phone application. The hackers were then able to steal usernames, passwords, account numbers and information that was provided through security questions. These kinds of attacks are becoming much more common and causing many more data breaches and issues such as identity theft.  

Phishers typically mimic banks with huge customer bases like Citibank, Wells Fargo, and Chase. Once the victim has downloaded the malicious app, they will most likely receive a notification saying there has been fraud on their account and will receive a link to update their login information. Once they’ve clicked on the link, their credentials are immediately sent to the hacker.

One way to avoid infection from malicious apps is to only install apps from trusted app stores and keep your smartphone up to date. Sometimes the latest security update can be what protects you from losing your sensitive data.

Ways to Avoid SMS Phishing

Just like typical phishing that might occur via email, there are ways to avoid becoming a victim of SMS phishing. First, go with your gut if the number seems odd to you. In most cases, if it’s not a valid number, it’s not a valid message. Along with that, it’s important to pay attention to spelling. If there are errors in grammar or spelling, it’s usually a hacker.

As mentioned before, if the offer seems too good to be true, it’s fake. This could be a cruise or some kind of lottery. It may be enticing, but that’s a large aspect of social engineering. Additionally, if there’s a lack of personal information in the message or it’s from an organization you’ve never heard of or been contacted by before, do not click any link.

Your mobile device is important, but your security is even more important. Don’t fall victim to mobile phishing because you didn’t take the proper precautions. Contact The TNS Group today for more information on how to protect yourself from hacking.
