Mobile devices such as smartphones and tablets have worked their way into every part of our society and culture. Due to our dependence on mobile technologies to do everything from talking to our best friend to sending in a class assignment, it is no wonder that they are increasingly at risk from cyber thieves looking for a goldmine of personal information. Here is some great information about security for your mobile devices provided by Cofense.
Common tactics
There are multiple ways cyber thieves can access your information on your mobile device:
- Phishing and spear-phishing: You can be phished through email on your mobile device just as easily as on a desktop. The more people rely on mobile devices to get into their email, the more likely this scenario becomes.
- Smishing: Like its counterpart, phishing, smishing uses your text messaging app to ask you to click on a link and send the thieves personal information. Find out more about smishing.
- MFA fatigue: Someone gains information about a username and password and then attempts to log in, triggering multifactor authentication (such as Okta Verify). The hope is that an unsuspecting user will approve a push notification out of habit even when they aren't actively attempting to authenticate. Only approve Okta Verify notifications if you are actively trying to log in.
- App clones: Think of your favorite smartphone app. Did you download the official app, or one of the thousands of clone apps that are out there to steal your information and possibly your money? Make sure you verify that the app is the official one, downloaded from the app store for your mobile device or through the actual company that puts out the app.
- App vulnerabilities: Hackers are constantly looking to exploit problems within the code of the app itself. This is one of many reasons that it's important to keep all your apps up-to-date. Most developers put out updated versions of their app when vulnerabilities are discovered.
Best practices for keeping safe
- Use a Virtual Private Network (VPN): Be wary of connecting to public wireless networks. If your only option is to connect to an unsecured network, use a trustworthy VPN to send and receive information securely.
- Be prepared: Phones are lost and stolen all the time, and without a way to wipe data remotely if your device is stolen, data can be easily extracted. Set up "Find my Phone" and "Remote Wipe" apps ahead of time to locate a lost device or restore your phone to factory settings in case it cannot be found.
- Examine links before clicking: The smaller screen size on a mobile device makes it more difficult to spot indicators of a phish, increasing your risk of falling for a scam.
  - For mobile devices: On most mobile devices, touch and hold the link until a pop-up menu appears. Be careful, though, because quickly tapping and releasing will follow the link, which could be malicious.
  - For desktops: Hover your cursor over the link to view the URL.
  - Remember: when hyperlinks contain shortened URLs, you cannot verify the destination URL by hovering your cursor on your desktop or touching and holding the link on your mobile device!
- Use multifactor authentication (MFA) whenever available: MFA is an added layer of security. After entering your password, you must use a second method to verify your identity, like answering a set of security questions.
- Keep device and software up-to-date: Be vigilant, and install updates as soon as they are available.