Mobile phishing attacks continue to rise and pose a real danger to businesses and their data. Business owners need to look at this, particularly in today’s climate, where staff members are using their personal devices to access work information. Due to the rush to work remotely, these devices may not have been configured correctly and may not be encrypted or have any default security measures.
Phones are an easy target for attackers because a phishing attack can arrive on the device in multiple ways: text, phone call, email and WhatsApp, to name but a few.
Technology is advancing quickly and employees can find it much more convenient, quicker and easier to do their work on their mobile devices. A lot of the time phones and tablets can provide the same functionality but in a more convenient form.
Mobile phishing attacks should be high on the agenda for discussion and can be compared to any other cyber attack. Because mobile devices have a simple, user-friendly interface, it can be a lot more difficult to notice the signs of an attack, which improves the attackers' chances of success.
Smishing (phishing by text message) is one of the lesser-known words in IT security. It is similar to email phishing. In this case, the victim receives a text message tricking them into taking urgent action. Usually, this involves giving away their personal information by clicking on a link in the message.
Although it’s age-old, it can still look like official communication. If you receive something and it's asking you to give away personal details, such as usernames, passwords, or other sensitive information, check first. Always be suspicious.
Vishing is phishing through a phone call. It’s when a hacker calls you and pretends to be an authoritative figure so that you are more likely to give away your personal information. The best way to avoid vishing is to simply not reveal any information, such as credentials, codes, or passwords, during a phone call. Instead, you can contact the organisation yourself.
We have also seen voice changers that are very effective at mimicking CEOs and business owners, so caller beware. If in doubt, call the person they are purporting to be by return.
Personal or Work Email
Personal and mobile email providers have a very low standard of phishing protection. Unfortunately, this allows malicious actors to easily evade this technology and get people to fall into their trap of revealing personal information. When opening an email on a desktop computer you can usually hover over the URL and find out the location of the domain, which helps in determining whether the email is legitimate or a phishing attack. However, since mobile phones have a small screen it is impossible to do this.
So, if you notice an email that looks suspicious, it will be much safer to open it on a computer or check with your IT staff.
Social Media’s Messaging Platform
Cyber-criminals are now taking advantage of fairly recent messaging platforms such as Instagram Direct Message, WhatsApp, and Facebook Messenger. They use them to entice users into downloading malware. Attackers also use social engineering, where they build a trustworthy relationship only to exploit it at the end. To prevent this you need to be cautious and not download anything that is not on a legitimate website or program. Be wary of trusting strangers on the internet with your credentials.
One attack we have seen is with LinkedIn messages. After an attacker has access to a connection's LinkedIn profile, they send a message. This is then sent across to the recipient through email directly, bypassing a lot of a business’s security controls.
Permissions Granted to Applications
Check the permissions that you allow when you download any application. Hackers have very cleverly managed to take advantage of the very broad permissions that you allow when downloading an application. It is frequently overlooked as a security risk due to the false perception of safety we have of our mobile phones. In fact, apps share this information with marketers, who use it to create more relevant advertisements. However, if this information lands in the hands of a cyber-criminal then your business could be jeopardised. This is because hackers will use this information to gain access to your system.
To prevent this, limit the access applications have to your social media, photos, microphone, location, and more.
Don’t be a victim of mobile phishing attacks
No one can ever be 100%.
Mobile and tablet technology is excellent as it enables us to stay updated and connected. We can easily communicate with our colleagues and complete day-to-day work.
We need to be vigilant and ensure that we are using these technologies in the best and most secure way possible so as not to become a victim of these attacks.
One simple way is to make sure that all your applications are updated with the latest patches. Also, never click on links unless you are 100% sure of them.