Mobile Security: Cya L8R Cybercriminals

Posted by Ansel Lowry
June 01, 2021

Share Article

Let’s be real: our mobile phones are the hardest-working technological presence in our lives. The only exception might be for people who have pacemakers...maybe. It’s a GPS, an instant messenger, a gaming machine, and a portal to the world wide web all in one pocket-sized glass box. That’s crazy!

What’s even crazier is the amount of personal information that your mobile device stores in order to serve all of these functions. Defending your mobile devices from cybercriminals is critical for staying safe in this world of technology. Let’s take a look at how you can keep Siri safe (or Google...why doesn’t the Google assistant get a fun name?).

Siri
Via Giphy

Protecting Your Privacy

At this point, our mobile phones are so deeply embedded into every aspect of our life that using them feels like a completely casual, no-brainer, thoughtless kind of action. It’s super easy to take for granted just how incredibly important and downright personal they are.

Because they’re with you all the time and are capable of facilitating just about anything you’d like, from checking the weather to listening to audiobooks and beyond, your mobile devices know basically everything there is to know about you. This makes them valuable targets for cybercriminals; protecting your mobile devices is a matter of privacy.

Shoulder Surfing

Wandering eyes aren’t just attracted to laptops; your mobile devices are just as susceptible to attracting nosey strangers. When using a mobile device in public, be aware of your surroundings. Who knows what texts, old browser windows, or emails might flash by and reveal personal information. Someone may even memorize your passcode or pattern lock and use it to get into your mobile device next time you’re distracted!

peeper
Via Giphy

Passcodes & Pattern Locks

No, “1234” is not a secure answer for your passcode lock - and neither is a square or spiral for your pattern lock. You wouldn’t make your bank account password “1234,” would you? Your phone also contains your banking information (and other personal stuff), so take its security just as seriously. Come up with a password or pattern lock unique to you and hard to guess (remember, longer is stronger). 

Public Wifi & Bluetooth

Connecting to wifi may save some data, but it can also give cybercriminals direct access to your personal info. A sneaky cybercriminal can name their nefarious WiFi network anything they want - like, say, “Starbucks Free WiFi” - and then watch your online activity or snoop through your files while you’re connected. Stick to personal hotspots, MiFi, or privately owned networks. Alternatively, ask the security team if you have access to a company VPN to keep your online activity private. If you have to connect to public wifi, stay off websites and applications that contain sensitive information - stick to simple web surfing.

Like WiFi networks, Bluetooth connections can be used for less-than-savory purposes. Cybercriminals can even use a virus called BlueBorne to take total control of your phone, tablet, or other smart device (like that fancy Apple Watch) through its Bluetooth connection. By doing this, a cybercriminal can capture and even decrypt your data (meaning they can see information that’s protected, such as passwords), intercept messages, plant malware - the list goes on. BlueBorne grants cybercriminals full control over a targeted device. Keep Bluetooth turned off in public places to avoid this technological airborne virus.

App Permissions

Why does your favorite candy-themed Temple Run remake need to know your location? Trick question: it doesn’t. Only give apps the bare minimum permissions they need to serve their purpose. If you ever need to review the permissions you’ve given for the apps you’ve downloaded, you can do so through your mobile device’s settings menu.

If an app seems pushy about gaining access to permissions that it shouldn’t need, the safest thing to do is uninstall it. With so many apps available on trusted platforms such as The App Store and Google Play, there’s no reason you can’t find a different, more trustworthy app to serve the same function.

giphy
Via Giphy

Malware on Mobile Devices

It’s time to stop thinking about your phones and tablets as phones and tablets; the days of brick-sized cellphones with no capabilities other than sending and receiving phone calls are over. What you have in your pocket is a tiny supercomputer - and, like any other computer, it’s susceptible to being infected with malware.

App Downloads

Sure that cutesy mobile game you found on the internet may let you live your dream of becoming best friends with a rainbow-colored raccoon, but what’s it doing in the background? Mobile apps may appear harmless (or even useful) on the surface, but they can run malicious code in the background that can take your personal information, take control of your device, or even lock your files in demand of a ransom.

Never download apps from third-party platforms; stick to trusted sources such as The App Store and Google Play. If you’re installing an app on a company device, be sure to confirm that it’s been approved by IT or the Security team. The act of downloading software (such as a mobile app) that is not pre-approved is known as Shadow IT, and it can open whole cans of worms involving security risks that you don’t want to be responsible for! We know it’s a huge bummer to not be able to play Pokemon Go at work, but the Pikachus are just going to have to stay on your personal devices.

pokemon
Via Giphy

USB Ports

Using a super sneaky technique called juice jacking, a cybercriminal can use a public USB port to load malware onto your device. Unfortunately, this means that USB charging stations at airports, in hotel rooms, at libraries, etc. can’t be trusted. Bring your own charging block so that you can charge your devices directly through a power outlet. Pro tip: If your mobile device runs out of power often, try using a charging case or carrying around a portable charging battery.

Stay Updated

If you had a penny for every time you’d selected ‘update later’ on your mobile device, how early could you retire? Give the ‘update later’ button a rest; start keeping your mobile devices up to date.

System updates give your devices the tools they need to defend against newly-discovered cyber threats, including malware. The more outdated your operating system is, the more holes there are in your cybercrime defense system. You can even set updates to happen automatically while you sleep, so you don’t have to sacrifice that sweet, sweet screentime.

screentime giphy
Via Giphy

Phishing on Mobile Devices

Phishing is by far the most common way that cybercriminals trick people into installing malware, giving them money, or revealing personal information. During a phishing attack, a cybercriminal will contact you, pretending to be a credible source. They’ll ask you to download an attachment, click a link, or respond with sensitive information. Red flags include a fabricated sense of urgency, a sending address that’s aaaaalmost one you recognize but not quite, and a sender name that doesn’t match up with the sending address.

You’re probably most familiar with email phishing, but there are a couple of other types that are specific to mobile devices.

Smishing

When a cybercriminal launches a phishing attack through text message (SMS), this is called smishing. Most commonly, a smishing message will attempt to entice you into clicking a suspicious link, resulting in malware and/or stolen data.

Never click a link sent to you by someone you don’t know, even on a mobile device - and don’t reply to texts from people that you don’t know. There’s no good reason for a stranger to contact you via text message.

Vishing

Vishing, or voice phishing, occurs over a phone call. Cybercriminals may claim to be a vendor, a customer support specialist, a coworker, or any other manner of person they are not in pursuit of private information. They can even spoof a phone number - that is, trick your caller ID into displaying someone else’s phone number when they call. Tricky!

Like with email phishing, a forced sense of urgency is usually a telltale sign that whoever is on the other end of the line isn’t who they say they are. Trust your gut; if something doesn’t feel right, politely excuse yourself from the phone call and verify the caller’s identity by contacting them through a known, trusted channel (such as the company number listed on their website or an email address you’ve used to communicate with them before).

hangup the phone
Via Giphy

Closing

Between serving as your alarm clock, daily newspaper, calendar, weather channel, email courier, and robotic personal assistant, your mobile device does a lot for you. Return the favor by protecting it (and, by consequence, yourself!) from cybercriminals.

 

Subscribe Now

Additional Reading