Phishing and scams

When phishing occurs, cybercriminals attempt to trick victims into sharing personal information, clicking on malicious links, downloading and inadvertently executing malware on the victim's device, or handing over account details (bank, social network, email, etc.). Mobile devices are subject to phishing attacks in the same ways as PCs, including email and social networking messages. However, mobile devices are also susceptible to phishing attempts sent via SMS text messages. When it comes to phishing, it doesn't matter whether we are using an Android device or an iOS device. To fraudsters and cybercriminals, all mobile devices are created equal for phishing attacks.

Best defense: Don't click on links in emails or text messages unless you are 100% sure they are legitimate.

Physical security

The most basic security measure, and the one we tend to overlook the most, is physical security: physically protecting your mobile device. Without a PIN, pattern, or biometric check, such as a fingerprint or retina scan, your phone is vulnerable to tampering. Additionally, if you leave your phone unattended, it could be at risk of theft.

Best defense: At a minimum, lock your phone with a strong password or PIN so that if it falls into the wrong hands, they won't be able to access your data.

SIM hijacking

SIM hijacking, also known as SIM swapping or SIM porting, is the abuse of a legitimate service provided by telecommunications companies when customers need to switch their SIM and phone number between carriers or phones. Typically, customers will call their telecom provider and request to switch. Attackers will use social engineering and personal details they discover about us (including name, physical address, and contact details) to impersonate us and trick customer service representatives into giving them control of our number. In a successful attack, cybercriminals would be able to redirect our calls and text messages to phones they own.
Crucially, that means any two-factor authentication (2FA) codes used to protect our email, social media and bank accounts, etc., could also fall into their hands. SIM hijacking is usually a targeted attack that requires data collection and effort to pull off. It can have disastrous effects on our privacy and the security of our online accounts.

Best defense: Protect data with a range of cybersecurity best practices so it can't be used against you through social engineering.

Nuisanceware, premium service dialers, and cryptocurrency miners

Mobile devices are also at risk from nuisance software and malware that could exploit the device to make calls or send messages to premium numbers. Nuisanceware is malware found in apps (more common in the Android ecosystem than iOS) that causes the victim's phone to behave in an annoying way. Typically not dangerous, but still irritating and a drain on battery, nuisanceware may constantly pop up ads, interrupt normal business with promotions or survey requests, or open pages in a mobile browser without permission.

While nuisance software can generate ad impressions through users, premium service dialers are worse. Apps may contain hidden features that secretly sign up for premium paid services, send text messages or make calls, and when you end up paying for these "services", the attacker gets a commission. Some apps may quietly steal computing resources from a user's device to mine cryptocurrency.

Best defense: Only download apps from legitimate app stores, and carefully evaluate the permissions you allow them to have.

Wireless network

From hotel rooms to coffee shops, open and unsecured Wi-Fi hotspots are everywhere. They are intended to be a customer service, but their openness also makes them vulnerable to attack.
Specifically, a phone or PC could be vulnerable to a man-in-the-middle (MiTM) attack over an open Wi-Fi connection. The attacker would intercept the communication stream between the phone and the browser, steal information, push malware payloads, and potentially hijack the device. We often come across fake Wi-Fi hotspots, which are open Wi-Fi hotspots created by cybercriminals, disguised as legitimate and free hotspots with the sole purpose of performing MiTM.

Best defense: Avoid public Wi-Fi altogether and use mobile networks instead. If you must connect to them, at least consider using a virtual private network (VPN).

Surveillance, spying and tracking software

Surveillance software, spyware and stalkerware come in many forms. Spyware is usually generic and will be used by cyber attackers to steal information including PII and financial details. However, surveillance software and stalkerware are often more personal and targeted. For example, in a domestic abuse situation, a partner may install surveillance software on your phone to track contacts, phone calls, GPS location and who you are contacting and when.

Best defense: Antivirus scans should take care of generic spyware, and while there is no silver bullet for surveillance or tracking software, you should be aware of any suspicious or unusual behavior on your device. If you believe you are being monitored, make your personal safety your top priority.

Ransomware

Ransomware affects both mobile devices and PCs. Ransomware will attempt to encrypt files and directories, lock the phone, and demand payment (usually in cryptocurrency) through a ransomware landing page. Cryptolocker and Koler are prime examples. Ransomware is often present in third-party applications or deployed as a payload on malicious websites. For example, you might see a pop-up request to download an application - disguised as being from a software cracker, etc.

Best defense: Keep your phone on the latest firmware, turn on basic security protections for your Android or iOS phone, and don't download apps from sources other than official repositories.

Trojans, financial malware

Mobile malware variants are numerous, but basic protections from Google and Apple block many of them. Among malware families, Trojans top the list. Trojans are a form of malware developed with data theft and financial gain in mind. Mobile variants include EventBot, MaliBot, and Drinik.

In most cases, users download malware themselves, which may be packaged as seemingly legitimate apps or services. However, once they are installed on the phone, they overlay the window of the banking app and steal the credentials submitted by the user. This information is then sent to the attacker and can be used to steal data such as bank account numbers. Some variants can also intercept 2FA verification codes. Most financial Trojans target Android phones. Although iOS variants are less common, some, including XCodeGhost, do exist.

Best defense: Keep your phone up to date with the latest firmware, turn on basic security protections for Android or iOS phones, and don't download apps from sources other than official repositories. If you suspect your phone has been compromised, immediately stop using financial apps, disconnect from the internet, and run both personal checks and antivirus scans.

Mobile device management vulnerabilities

Mobile device management (MDM) solutions are enterprise-grade tools for employees. MDM capabilities can include providing employees with a secure channel to corporate resources and software, propagating the company's cybersecurity solutions and scans to each endpoint device, and blocking malicious links and websites. However, if the central MDM solution is infiltrated or otherwise compromised, each mobile endpoint device is also at risk for data leakage, surveillance, or hijacking.

Best defense: The nature of MDM solutions takes control out of end users' hands. Therefore, there is no way to protect against MDM intrusions. You can maintain basic security hygiene on the device, making sure it is up to date and that personal apps and information are kept away from work devices.

How to physically secure the device?

The lock screen is the gateway to your device, data, photos, private documents, and apps. Therefore, keeping it secure is critical. On Android, consider the following setup:
On iOS devices, view:

What are the characteristics of a malware infection?

If your Android or iOS device isn't functioning properly, it might be infected by malware or other threats. It should be noted that:

What should I do if my phone is hacked?

If you suspect your Android or iOS device has been infected with malware or otherwise compromised, you should take urgent steps to protect your privacy and security. Consider the following steps:
If you receive a ransomware alert before your device is encrypted and displays a ransom note, cut off the internet and any other connections — including any wired links to other devices — and boot your phone in Safe Mode. You may be able to delete the offending app, run an antivirus scan, and clean up before any major damage occurs. However, if the phone is locked, the next steps are more limited, as removing the malware will only solve part of the problem. If you know what ransomware variant you have on your phone, you can try using a decryption tool, such as those listed by the No More Ransom project. You can also provide information to Crypto Sheriff, and researchers will try to figure out what type of malware you're dealing with, free of charge. In the worst case, you may need to perform a factory reset. Removing the ransomware will stop it from spreading further, but it won't recover the encrypted files. If you've been backing up your data, you may be able to restore your device after the reset. Keep in mind that paying the ransom does not guarantee that your files will be decrypted.
But let's say a partner or other close contact is monitoring you and you try to delete a tracking software app from your phone. In this case, they will be alerted directly or they will realize it because they no longer receive your information.

First, to reduce risk, consider linking important "hub" accounts, financial services, and cryptocurrency wallets to a number that is not publicly associated. A simple pay-as-you-go number will work, so if a personal or work number is compromised, the potential for theft is limited.