As smartphones and tablets are used more and more for online banking, online shopping and online transactions, they are being increasingly targeted by criminals, identity thieves and malware.
Currently, the most severe security threats on mobile devices are:
1. Premium SMS fraud or toll fraud
This involves the criminal setting up a pay-for premium number that charges your account when it receives an SMS from your device. There are various ways in which the criminal gets your device to send an SMS to this premium service:
(a) An SMS message is sent to your device enticing you to SMS the premium number, often on the pretence of receiving your voicemail.
(b) Malware installed on your device silently sends an SMS to the premium number in the background. The malware could be an innocent-looking app that executes malicious code in the background, unknown to the user. The user may be prompted to install the malicious app by clicking on a link in an SMS message or email, or by clicking on a link on a malicious website or on social networking sites. The malicious app could also be an innocent-looking app downloaded from the app store.
2. Phishing attacks
Mobile devices are particularly vulnerable to phishing attacks because the full URL is often obscured on the smaller screen of the mobile device browser. In a phishing attack, the user is directed to a malicious website that emulates a legitimate website such as the user’s bank. The purpose of the phishing attack is to gather personal information such as username, password, bank account number and credit card number. Users can be enticed to click on a phishing link in an incoming email or SMS (the SMS variant is known as Smishing or SMS Phishing).
3. Lost or stolen mobile device
Mobile devices are popular targets for thieves and are often negligently left behind by owners in public places. The danger of stolen and lost devices is the sensitive data that is contained on your mobile smartphone or tablet. This is a common source of sensitive data in identity theft. Data that can be harvested includes your personal data, your address book data, stored data such as banking and credit card data, and data stored in your SMS messages and emails.
4. QR code scams
QR (Quick Response) codes are square matrix bar codes often placed in magazine adverts or on posters or billboards. They contain information that can be interpreted by a mobile device, often used to direct the device to a website. The security danger is that the website destination is obscured from the user. If a criminal places a sticker on top of the real QR code, directing unsuspecting users to malicious websites, it is difficult to detect.
5. Malware installed on “open” devices
The app stores run by the manufacturer of your device’s operating system (such as Apple or Android) generally carefully pre-check the apps to ensure they do not contain malware. Some users “open” their devices to enable the installation of software that has not been vetted by the official store. On iPhone this is known as “Jailbreaking”, and on Android it is known as “Rooting”. This activity obviously opens the device to increased threat.
What can you do to protect yourself?
1. Be careful of what you download, and the links you click on from SMS or email, particularly if they purport to come from your bank or offer to take you to your voicemail.
2. Be particularly careful to ensure that QR codes are genuine and have not been tampered with.
3. Lock your device when not in use, by activating the device password, and install a remote lock and wipe application that can be triggered in the event your device is lost or stolen.
4. Turn off features not needed on your smartphone, such as geo-location.
5. Read the reviews and check the number of downloads on the app store before installing software.
6. Install specific anti-phishing software on your mobile device.
7. Avoid “jailbreaking” your iPhone device, or “rooting” your Android device.
8. Before disposing of your mobile device, reset it to the factory default in order to clear all personal data.
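The phishing and QR code items above both come down to a destination that the small screen or the printed code hides from you. The following is an added example, not part of the original article, that takes a link copied from an SMS, an email or a decoded QR code and reports the host it really leads to; the function name, the warning labels and the bank.example domain are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains the user genuinely expects (".example" is a reserved test TLD).
EXPECTED_DOMAINS = {"bank.example"}

def inspect_link(url, expected=EXPECTED_DOMAINS):
    """Return (real_host, warnings) for a link from an SMS, email or decoded QR code."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before '@' is login data; the destination is what follows it.
        warnings.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass  # a name, not a raw IP address
    if any(label.startswith("xn--") for label in host.split(".")):
        # Internationalised name: may be displayed as look-alike characters.
        warnings.append("punycode-host")
    if not any(host == d or host.endswith("." + d) for d in expected):
        warnings.append("unexpected-domain")
        if any(d in url.lower() for d in expected):
            # The trusted name appears in the link but is not where it leads.
            warnings.append("trusted-name-used-as-decoy")
    return host, warnings

# Constructed sample links for illustration (not taken from the article).
SAMPLES = [
    "https://www.bank.example/login",
    "https://www.bank.example@203.0.113.7/login",
    "http://bank.example.secure-login.example/verify",
    "https://xn--bnk-0na.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, warnings = inspect_link(link)
        print(f"{host:40} {', '.join(warnings) or 'ok'}")
```

A link with no warnings only means the host matches a domain you listed; it says nothing about whether the QR code sticker or message itself is genuine.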