In January we made the prediction that 2016 would be a big year for mobile security. It was the understatement of the year.
According to the report recently released by Intel Security, mobile malware increased 24% in the Q4 of 2015 compared to Q3. Why is this happening and why is it a problem? As mobile performance increases, we tend to rely on our phones and devices for more tasks that were traditionally handled on our desktops. More and more banking, bills, and shopping are handled over mobile devices, and cybercriminals are getting more sophisticated and homing in on these devices as targets. Enough of our personal data is stored on these devices for them to be worthwhile targets.
Main threats facing mobile
MMS & SMS phishing, also known as SMiShing is exactly what it sounds like. Just as phishing attacks commonly come to your inbox with a link that you shouldn’t click, this is the text messaging equivalent.
Clicking a dangerous link can install malware on your phone simply by taking you to a site that hosts it. Some of these links may open a lookalike page for a familiar site, such as that of your bank, prompting you to log in, thus giving up your private login info. A little sophistication on the side of cybercriminals can give them access to your device, allowing them to control it and steal your personal data and passwords.
Installing infected apps
There are many “lookalike” apps, posing as the real thing on unofficial stores that allow users to download them free of charge as a “workaround”. What users don’t realize is that they are willingly installing malware on their device. Some reports that up to 25% of mobile apps include at least one high-risk security flaw.
Ransomware is sharply increasing on Android. Users are led through a series of steps, causing them to download a piece of malware that locks users out of device until a fee is paid. These can include a legal threat from “authorities” such as the FBI, scaring the user into paying a “fine” instead of wiping the system and restoring from a backup.
*Note, the FBI and other authorities do not use screen lockers to collect fines.
What it means for you
The risks associated with mobile threats are rapidly growing. You could be forced to pay money for expensive fixes or for the release or your device from the clutches of cybercriminals. Other mobile threats include the theft of your passwords and personal data without your knowledge, your phone may be used to spread attacks that could infect your contacts.
Google has responded to this increase in mobile threats by releasing monthly security updates, but they’re not released directly to your phone, they’re released to manufacturers and wireless carriers. It is up to them to release to you, and this can take time. You can use some of the following best practices to protect your device, and should continue researching the best solution for your device.
Best practices for mobile safety
- Turn off MMS auto retrieval.
- Update your phone’s software and apps regularly.
- Don’t open messages from strangers, even if it says you won a prize or unclaimed refund. *Some cybercriminals are able to send SMiShing texts that appear to come from a legitimate number.
- Use vetted security software and have a proper way to scan links.
- Only visit sites you trust.
- Don’t download apps from rogue marketplaces.
- Review app reputations before installing.
- Only download from official Apple Store and Google Play.
- Be cautious: don’t open or reply to messages you weren’t expecting.
- Treat strange messages from your contacts with caution. Their phones might have been infected with malware.
- Avoid unsecured wifi.
- Don’t click links to update your apps, only do this from the official app store.
- Accept mobile threats as a real threat, the sooner you treat them as such, the better you will protect yourself.
Has your mobile phone ever been hacked or infected with malware? Tell us about it in the comments.