More people these days are relying on their mobile phones and tablets to do their banking, make purchases, log into online accounts, and perform other actions requiring the transfer of sensitive data. This fact is not lost on cyber criminals who see mobile devices as prime targets. You can take steps to protect your device and data better, making it more difficult for attackers to succeed. It’s also important to be aware of the threats that are out there.
Mobile device threat overview
In the past, mobile device malware was used primarily to steal account credentials. That is no longer the case. Malicious mobile apps can still intercept data, including credentials and credit card numbers, but they can also monitor text messages and record phone calls. Threat actors utilize malware to activate device microphones and cameras remotely. This allows them to eavesdrop on conversations and observe the activities of device users and others. Cybercriminals also use malicious mobile apps to access stored data, including saved images and contact information.
Some malware will allow an infected device to be used as a proxy in other attacks. The device owner could be the prime suspect if the attack results in a criminal investigation.
SMSishing attacks target mobile device users using text messages. These messages often convey a sense of urgency to cause recipients to act hastily and click on a link to a malicious website or download malware. The number of SMSishing attacks has increased exponentially in recent years. While users may be accustomed to receiving phishing emails, they generally aren’t as wary regarding text messages.
Android vs iPhone – Which is more vulnerable?
Android devices are generally more susceptible to being infected with malware.
Apps available to Android users via the Google Play Store have been screened to weed out any malicious code. Still, users also have the option to download apps from several other application stores and third-party developers. This being the case, threat actors have more options for delivering malware to Android devices.
The iPhone’s iOS operating system does not allow users to install apps from sources other than the App Store without jailbreaking the device first. Few iPhone users know how or are willing to jailbreak their devices. This makes it more difficult for criminals to infect them.
Protecting your device and data
Taking these steps will dramatically decrease the likelihood that your device will be infected or that you will fall victim to scammers:
- Install a comprehensive combination of security apps on your phone or tablet. This would include antivirus/anti-malware applications and spyware protection.
- Do not download applications from sources other than your device’s official app store. For iOS devices, this would be Apple’s App Store. For Android users, limit your downloads to the Google Play Store.
- When installing new apps, pay attention to the access permissions required. If an app requests permission to access your contacts, camera, or text messaging app, you may wish to do some additional research and read some reviews before installing. This is especially true if you cannot think of any valid reasons why the app should need the type of permissions it is requesting.
- You may encounter an app that asks for its permissions to be updated immediately after installation. This could indicate that there is malware involved and that it is attempting to download and enable additional functionality. Again, more research may be warranted before you agree to install the update. Apple’s Play Store requires that apps available for download be updated to their latest version, so iPhone users should be particularly suspicious if they download apps that immediately require updating.
- Avoid clicking on links in any messages, emails or texts from unknown sources. Do not open an email attachment unless you know the message came from a trusted sender. If an email or text message appears to be from a trusted source but is unusual, contact the supposed sender via a phone number you know to be correct (not one provided in the message) before clicking on any links or opening any attachments.
- Do not set your device to automatically connect to public Wi-Fi when it is available. Threat actors frequently monitor public Wi-Fi networks, stealing data in transit and infecting the devices thereon. If you must use public Wi-Fi, use a virtual private network (VPN) application to encrypt your data.
- Disable your device’s Bluetooth connectivity when not in use.
Occasionally reviewing the apps already installed on your device is also a good idea. If you are not using an app, uninstall it. Also, check installed applications’ access permissions and limit them wherever possible.
Final thoughts
Bad actors are continuously developing new ways to deceive you with SMSishing attacks and infect your mobile device with malware. Following the recommendations provided will significantly reduce the likelihood that you will become a victim.
If you believe your device has been infected, it may be necessary to perform a factory reset. Unless you are familiar with the process and have backed up your data, your best option is to contact your cell service provider and request assistance to resolve the issue.