Estimated reading time: 5 minutes
More people these days are relying on their mobile phones and tablets to do their banking, make purchases, log into online accounts, and perform other actions requiring the transfer of sensitive data. This fact is not lost on cyber criminals who see mobile devices as prime targets. There are steps you can take to better protect your device and data, thereby making it more difficult for attackers to succeed. It’s also important to be aware of the threats that are out there.
Mobile device threat overview
In the past, mobile device malware was used primarily to steal account credentials. That is no longer the case. Malicious mobile apps are still capable of intercepting data including credentials and credit card numbers, but they can also monitor text messages and record phone calls. Threat actors utilize malware to remotely activate device microphones and cameras. This allows them to eavesdrop on conversations and observe the activities of device users and others. Cyber criminals also use malicious mobile apps to access stored data including saved images and contact information.
Some malware will allow an infected device to be used as a proxy in other attacks. If the attack results in a criminal investigation, the device owner could end up being the prime suspect.
SMSishing attacks target mobile device users using text messages. These messages often convey a sense of urgency in an attempt to cause recipients to act hastily and click on a link to a malicious website or download malware. The number of SMSishing attacks has increased exponentially in recent years. While users may be accustomed to receiving phishing emails, they generally aren’t as wary when it comes to text messages.
Android vs. iPhone – Which is more vulnerable?
Android devices are generally more susceptible to being infected with malware.
Apps available to Android users via the Google Play Store have been screened to weed out any that may be malicious, but users also have the option to download apps from a number of other application stores and third party developers. This being the case, threat actors have more options available for delivering malware to Android devices.
The iPhone’s iOS operating system does not allow users to install apps from sources other than the App Store without jailbreaking the device first. Few iPhone users know how to, or are willing to, jailbreak their devices. This makes it more difficult for criminals to infect them.
Protecting your device and data
Taking these steps will dramatically decrease the likelihood that your device will be infected or that you will fall victim to scammers:
- Install a comprehensive combination of security apps on your phone or tablet. This would include antivirus/anti-malware applications and spyware protection.
- Do not download applications from sources other than your device’s official app store. For iOS devices, this would be Apple’s App Store. For Android users, limit your downloads to those available from the Google Play Store.
- When installing new apps, pay attention to the access permissions required. If an app requests permission to access your contacts, camera, or your text messaging app, you may wish to do some additional research and read some reviews before installing. This is especially true if you cannot think of any valid reasons why the app should need the type of permissions it is requesting.
- You may encounter an app that asks for its permissions to be updated immediately after installation. This could indicate that there is malware involved and that it is attempting to download and enable additional functionality. Again, more research may be warranted before you agree to install the update. Apple’s Play Store requires that apps available for download already be updated to their latest version, so iPhone users should be particularly suspicious if they download apps that immediately require updating.
- Avoid clicking on links in any messages, email or text, that come from unknown sources. Do not open an email attachment unless you are sure that the message came from a trusted sender. If an email or text message appears to be from a trusted source but is unusual in any way, contact the supposed sender via a phone number you know to be correct (not one provided in the message) before clicking on any links or opening any attachments.
- Do not set your device to automatically connect to public Wi-Fi when it is available. Threat actors frequently monitor public Wi-Fi networks, stealing data in transit and infecting the devices thereon. If you must use public Wi-Fi, be sure you are also utilising a virtual private network (VPN) application to encrypt your data.
- Disable your device’s Bluetooth connectivity when not in use.
It is also a good idea to occasionally review the apps that are already installed on your device. If you are not using an app, uninstall it. Also check installed applications’ access permissions and limit them wherever possible.
Bad actors are continuously coming up with new ways to deceive you with SMSishing attacks and to infect your mobile device with malware. Following the recommendations provided will greatly reduce the likelihood that you will become a victim.
If you have reason to believe that your device has been infected, it may be necessary to perform a factory reset. Unless you are familiar with the process and have backed up your data, your best option will be to contact your cell service provider and request assistance in resolving the issue.
Want to learn about other attack methods and protect yourself? Find out more about Phishing and Vishing in our How to Spot Phishing, Smishing, and Vishing Scams article.