Mobile Phishing: Don’t Click the Link

Let’s face it, in today’s world it’s difficult not to check your mobile device frequently. On top of using devices for communication purposes, they can be used for anything else you can think of too. Lost? Just open your maps app. Looking for a place to eat in a new location? There’s an app for that too. Endless information and tools come from these devices leaving tons of tiny locations hackers can penetrate.

According to new research from mobile security company Lookout, “the rate at which victims are falling for phishing attacks on mobile has increased an average of 85% a year, every year since 2011.” Particularly since the rise in Bring Your Own Device (BYOD) policies in the workplace, mobile devices have changed the game for hackers. Think about how much important information is stored on your phone. Do you use a bank app? What sensitive information have you shared in your email? It’s important to use best practices and try to be aware of your cybersecurity at all times. The security of your data depends on it.

Forms of Mobile Phishing

SMS Phishing or Smishing

One of the most popular forms of SMS phishing, also known as smishing, are malicious links sent through an SMS text. Have you ever received a text from an unknown number in your area code saying you are the lucky winner of a contest? Well, you didn’t win, and please don’t click that link. Anyone who’s already clicked that link unfortunately knows that it was sent by a cybercriminal. An annual Phishing Trend Report performed by Phishlabs noted that most people open and read texts reflexively, and don’t expect to receive malicious messages.

Additionally, SMS phish are more difficult to track and respond to than traditional phishing attacks. This is due to the fact that the routing that leads to a text landing in your queue is not accessible. The only way to report this kind of attack is through screenshots which can only provide limited data. Before you click on any link in a message you’ve received take a second to look for the signs. These could be errors in spelling or punctuation, an offer that too good to be true, an attempt get you to act quickly, or lack of personal information. From a business standpoint, having a Mobile Device Management solution in place is a necessity.

Mobile Apps

Another popular form of mobile phishing involves bank apps. If you have a smart phone and a bank account, you’re most likely using your banks mobile app. A new survey from Avast, a multi-national cybersecurity firm, found that one in three worldwide users mistakenly believed that a fake mobile banking app was the real thing. There is nothing more enticing to a phisher than your bank account credentials. Phishers create kits that allow them to bypass security checks, mainly in Android devices.

Phishers typically mimic banks with huge customer bases like Citibank, Wells Fargo, and Chase. Once the victim has downloaded the malicious app they will most likely receive a notification saying there has been fraud on their account and will receive a link to update their login information. Once they’ve clicked on the link their credentials are immediately sent to the hacker. One way to avoid infection from malicious apps is to only install apps from trusted app stores and keep your smartphone up to date. Sometimes the latest security update can be what protects you from losing your sensitive data.

Your mobile device is important, but your security is even more important. Don’t fall victim to mobile phishing because you didn’t take the proper precautions. Contact The TNS Group today for more information on how to protect yourself from hacking.