Phishing attacks are nothing new. They’re the scams that arrive via fraudulent emails designed to trick users into clicking suspicious links or disclosing sensitive information. If you’ve ever received emails from a Nigerian prince who’s offering a large reward in exchange for bank details, that’s a phishing scam. The problem is these scams have evolved and are far more sophisticated and widespread than ever.
According to a Scamwatch study, there are over 18,000 reported cases of phishing attacks in 2019, and it’s only increasing. Part of the reason phishing is so common is that it’s easy to do. Instead of exploiting system vulnerabilities, cybercriminals only have to send a persuasive message to an unwitting user.
The other reason is that smartphones and tablets have given rise to mobile phishing scams. Below are three types of phishing scams enabled by mobile devices, and how you can avoid them.
SMS-based phishing, or smishing, occurs when an attacker sends text messages with links designed to steal your data. Much like using fake email addresses, cybercriminals spoof phone numbers to fool you. Due to small screen sizes and shortened links, it’s easy to mistake dangerous SMSs for innocent messages. After all, you can’t hover over a link to verify the URL like you could on a PC. Plus, since texts are expected to be informal, you’re less likely to be alarmed by typos, even if they’re from your bank.
To avoid these scams, a keen eye for detail is important. Steer clear of messages that offer free stuff in exchange for your information, especially when they say “limited time offer.” Scammers will usually lure people with offers that are too good to be true and urge them to act quickly.
Be careful if a legitimate company has never contacted you via text before. Reliable organisations will never ask for your personal details over SMS. If a bank or other organisation claims there’s a problem with your account, don’t contact them through the link they provided. Search for their real website and phone number on your web browser instead.
You should also install apps like SpamSMS (iOS) and Key Messages (Android). These automatically filter known smishing scams and messages with specific keywords. Once you’re sure the text is a smishing scam, block the number right away. Here’s how you do it:
- Open your Messages app and go to the fraudulent text message
- Tap the ‘info’ icon (for iOS) or the three-dot-button (for Android)
- Scroll through the options and select the block number option
From there, report the smishing attempt to the Australian Communications and Media Authority (ACMA). The agency will then investigate the source of the text and work towards stopping unwanted messages.
Voice phishing, or vishing, uses the same principles of phishing and smishing but does it over a phone call. Experienced vishers are smooth operators who can impersonate bank tellers and company representatives to get you to divulge personal information. They’ll even use fake caller ID profiles to look authentic and use scare tactics so you make hasty decisions.
One thing you can do to minimise unwanted calls is to sign up for ACMA’s Do Not Call registry. You can also use Call Blocker (for both iOS and Android) to blacklist calls from certain phone numbers and caller IDs.
The other option is to use your smart device’s built-in number blocking option. For Apple devices, go to your recent calls, click the info icon, and select Block this caller. For Android, open your Phone app, tap the three-dot button, then go to Call settings > Reject calls and click on the “+” to add specific numbers.
On the off chance that vishers circumvent these security measures, your smartest response is to hang up the phone. Tell the suspected visher you’ll call them back, but instead of ringing them again, call the office number listed on the company’s website. Finally, make sure to report the incident (and phone number) to Scamwatch and your managed IT services provider.
Mobile app stores are a hotbed of phishing activity. This is especially true for third-party app stores that are home to hundreds of unverified applications. Cybercriminals use these stores to spread malicious apps designed to gain privileged access into your device. These apps often ask for permission to use your smartphone’s camera, location services, and cloud data to steal sensitive information.
However, malicious apps can even slip into official apps stores. The Google Play Store, for example, unknowingly hosted malware-infected apps filled with fraudulent ads that generate income for cybercriminals. Research conducted by the University of Sydney also discovered several counterfeit apps in the Google Play Store. These apps had designs resembling an official app’s login screen to fool users into giving away their username and password.
The best way to defend yourself against these scams is to think critically about the apps you install on your device. Avoid third-party app stores, and only download highly-rated apps on the Google Play Store or Apple’s App Store. You should also check reviews and never elevate access privileges unless absolutely necessary.
Ultimately, a healthy dose of skepticism and common sense are the most effective ways to prevent mobile phishing scams. If you need assistance against mobile phishing, call Empower IT today. We provide anti-phishing solutions and security training to protect Australian businesses from a slew of cyberthreats.