The most dangerous thing on our smartphone? OUR FINGERS! Clicking can expose us to a variety of threats….
Phone hacking and compromise can endanger your identity and privacy without you even knowing. Fraudsters continuously evolve and improve hacking methods, making them increasingly harder to spot. This means the average user might be blind sided by any number of cyber attacks.
The vast majority of Americans – 97% – now own a cellphone of some kind. The share of Americans that own a smartphone is now 290 million or 85%, up from just 35% in 2011.
Smartphones have brought our private and business accounts and their associated data into a single, convenient location — making our phones the perfect target for cyber criminals. Everything from banking to email and social media can be linked into your phone. Which means that once a criminal gets access to your phone, all your apps are open doors for cyber theft.
Below are the most common examples of these threats, as well as steps you can take to protect from them.
1. Social Engineering
Social engineering attacks are when bad actors send personalized fake emails (phishing attacks) or text messages (smishing attacks) in an effort to trick the receiver into handing over private information like their passwords or downloading malware onto their devices.
2. Data Leakage via Malicious Apps
That’s because 85% of mobile apps today are largely unsecured. Today, hackers can easily find an unprotected mobile app and use that unprotected app to create larger attacks or compromise and steal data, digital wallets, and other info directly from the app.
For example, when you visit Google Play or the App Store to download apps that look innocent enough, the apps ask for a list of permissions before people are allowed to download them. These permissions generally require some kind of access to files or folders on the mobile device, and most people just glance at the list of permissions and agree without reviewing them in great detail.
3. Unsecured Public WiFi
Check out this “experiment” conducted by a would be hacker
Spyware is used to survey or collect data and is most commonly installed on a mobile device when users click on a malicious advertisement or through scams that trick users into downloading it unintentionally.
Whether your employees/members have an iOS or Android device, their devices are targets ripe for data mining with spyware—which could include your private corporate data if that device is connected to your systems.
Dedicated mobile security apps (like Google’s Play Protect) can help you detect and eliminate spyware that might be installed on devices and be used to access company data. Ensuring device operating systems (and applications) are up to date also helps ensure that their devices and your data are protected against the latest spyware threats.
5. Poor Password Habits
A 2020 study found that 99% of the people surveyed reused their passwords between work accounts or between work and personal accounts. Unfortunately, the passwords being reused are often weak as well. “123456” being one of the most popular!
How to Know If Your Phone is Compromised
One or more of these could be a red flag that someone has breached your phone:
- Your phone loses charge quickly. Malware and fraudulent apps sometimes use malicious code that tends to drain a lot of power.
- Your phone runs abnormally slowly. A breached phone might be giving all its processing power over to the hacker’s shady applications. This can cause your phone to slow to a crawl. Unexpected freezing, crashes, and unexpected restarts can sometimes be symptoms.
- You notice strange activity on your other online accounts. When a hacker gets into your phone, they will try to steal access to your valuable accounts. Check your social media and email for password reset prompts, unusual login locations or new account signup verifications.
- You notice unfamiliar calls or texts in your logs. Hackers may be tapping your phone with an SMS trojan. Alternatively, they could be impersonating you to steal personal info from your loved ones. Keep an eye out, since either method leaves breadcrumbs like outgoing messages.
How to Protect Your Phone from Being Hacked
Don’t download unknown apps. Look at reviews and research before installing if you are unsure. If you’re not confident in safety of an app, do not install it.
Don’t Jailbreak your phone. While it allows you to download from unofficial app stores, jailbreaking ups your risk of unknowingly getting hacked. Aside from malware or spyware, this means you’ll miss security patches in the latest updates. This makes your risks of being hacked even higher than normal.
Keep your phone with you at all times. Physical access is the easiest way for a hacker to corrupt your phone. Theft and a single day of effort could result in your phone being breached. If you can keep your phone with you, a hacker will have to work much harder to get into it.
Always use a passcode lock and use complex passwords. Do not use easily guessable PINs, like birthdays, graduation dates, or basic defaults like “0000” or “1234.” Use an extended passcode if available, like those with 6 characters. Don’t ever reuse a password in more than one place.
Don’t store passwords on your device. Remembering unique passwords for every account can be difficult. So use a secure password manager instead. These services allow you to store all your secure credentials in a digital vault — giving you easy access and the security you need.
Frequently clear your internet history. It can be simple to profile trends about your life from all the breadcrumbs of your browser history. So, clear everything, including cookies and cache.
Enable a lost device tracking service. If you lose track of your device out in public, you can use a lost device finder to trace its current location. Some phones have a native application for this, while others may need a third-party app to add this feature.
Keep all apps up to date. Even trusted apps can have programming bugs that hackers exploit. App updates come with bug fixes to protect you from known risks. The same applies to your OS, so update your phone itself when you can.
Always enable two-factor authentication (2FA). This is a second verification method that follows an attempt to use your password. 2FA uses another private account or something you physically have. Apple ID and Google accounts offer 2FA, so always activate it for more security. Biometrics like fingerprints and face ID are becoming popular options. Physical USB keys are also a great choice when available.
Be cautious about using text or email for your 2FA. Text message and email 2FA are better than no protection but might be intercepted through hacks like SIM swapping.
Don’t use public Wi-Fi without a virtual private network (VPN). Get a VPN Secure Connection encrypt and anonymize your data so unwanted viewers can’t see it.