Scammers, phishers and fraudsters regularly target PCs and laptops, but now they’re coming after our our smartphone security.
Alarmingly, new research shows we are less likely to know the dangers of smartphone attacks and are also less likely to secure our smaller devices against criminal scams.
As smartphones become ever more vital to daily life the risks associated with them have increased dramatically.
Consumers are now pretty savvy about computer security but what we tend to forget is our phones are mini computers and contain access to personal and financial information which can be very valuable to a criminal.
The truth is, smartphones are at greater risk from cyberattacks as they are used more frequently and widely than laptops and desktop computers, they connect with unsecure WiFi and are often unprotected.
Criminals will exploit this lack of awareness and security.- Jean-Baptiste Carpentier: 360 Security
Everything everywhere except secure files
These pocket computers contain data on all the people we know, our social media profiles, online banking details and possibly work files and passwords too.
And yet it seems most owners remain blissfully unaware of the dangers.
A recent 360 Security survey exposed the fact that 81 percent of UK consumers did not consider mobile phones to be a target for cybercriminals.
And while 92 percent said they had antivirus systems on their PCs and laptops, more than half admitted they had not done the same for their phone.
Top tips to keep your phone safe
Fake apps are a big problem
Hackers are practical people; they follow the money. And we can tell you now, the money is in apps.
One of the key threats against mobile phones is the massive proliferation these apps.
Google Play recently announced downloads had reached 65 billion since the it was established.
Google’s rival Apple App Store was created in 2008 and since then 140 billion apps have been downloaded.
Any self-respecting cybercriminal will see this as a goldmine for exploitation.
Add in the fact that we as users remain wilfully ignorant about the dangers, then we’re not only drawing a big target on our backs, we’re inviting hackers to shoot, too.
Avast’s security blog found that despite protections, malicious developers can still slip past Google Play security and get their fake app onto the platform.
All they need is a plausible-sounding name that references a well-known product like the traffic app Waze, pack it out with a few fake reviews, and they’re away.
How to spot a fake app
Check the number of ratings the app has. Normally mainstream apps will have thousands of ratings.
Keep an eye on the developer’s name – if it sounds unofficial or dodgy then steer well clear.
Pokémon Don’t: Fake apps mess with your smartphone security
Last year researchers discovered more than 215 fake Pokémon Go apps designed to cull users’ data once installed.
One such spoof app was downloaded 500,000 times before it was discovered and warnings plastered across the net – but despite the alarm it was eventually downloaded 10 million times.
One fallout from the fake Pokémon apps was phones being infected with what are known as scareware adverts.
These lock up your device or browser temporarily, fooling users into thinking their phone is infected and getting them to pay for unwanted services.
At the time malware researcher Lukas Stefano said: “The virus removal masquerade is only one example of the apps’ scareware techniques.
“They can also download other applications, create surveys and display scam ads where the user
allegedly won prizes, such as the new iPhone, Samsung Galaxy or even large amounts of money.”
Malware in games is a big issue
Malware embedded in gaming apps is so endemic that back in 2013 research suggested 90 percent of popular games like World of Warcraft, Minecraft, Runescape and League of Legends were infected.
That is a sobering thought.
This year saw the iconic Super Mario targeted by hackers. Jordan Pan from Trend Micro said: “Since 2012 we have found more than 9,000 apps using the Mario name on various sources online.
“About two-thirds of those apps show some kind of malicious behaviour, including displaying ads and downloading apps without the users’ consent. Since the start of the year we have detected these malicious apps approximately 90,000 times.”
Protecting your phone
The pace of mobile app development is, to say the least, frenetic. And for users sometimes bewildering. But there are a number of rules that if followed will greatly reduce the chance of becoming a crime statistic.
- Just as you have with your PC, get security software for your phone. Your phone needs it. The most basic ones will scan your apps for anything amiss. Others are able to lockdown your phone remotely if lost and some can wipe data remotely.
- Be careful of apps that are websites, especially if littered with ads.
- Avoid third-party app sites or allowing your phone to install third-party apps. Instead use Google Play and Apple Store. While you might miss out on smaller developers it is relatively safer in the long-run.
- Pay close attention to ratings and reviews. Especially other customer reviews. If a large majority were all written on the same day, or they are all glowing reviews be suspicious. Cybercriminals do employ people simply to write fake reviews of their apps.
- Fake apps may also demand the user gives them a five-star review before they can download and use the app.
- Examine the permissions that apps ask for. If there are too many requests or they don’t seem appropriate to the function of the app, be suspicious. Especially be wary if the app seeks access to your Device Manager.
- Good housekeeping of your phone: it is estimated that 25 percent of all apps downloaded by users were only used once so maybe it’s time to go to your Application Settings and remove them.
It’s a sad fact of our connected lives but to stay safe you have to have a little natural suspicion.
Just because you’re paranoid doesn’t mean they’re not after you.
MAIN IMAGE: Bokeh composite