Excessive reliance on smartphones has attracted a lot of attention from cyber criminals who are eying the confidential and personal information in these devices. What with smartphones being used as electronic wallets, these devices do contain a dangerous amount of private user data such as online banking pin numbers etc. that the user might not even be aware of. Phishing is one of the most common methods hackers use to steal people’s private data.
In simpler terms phishing is an illegitimate way of extracting confidential information like a bank account number, online transaction password and your social networking account passwords etc. It is different from hacking, in which cyber criminals do not take any help from users for extracting information. But in phishing, smartphone users are lured in such a way that they end up giving information on their own.
Ways or techniques used by cyber criminals
With smartphones being used extensively for business applications, emailing has become one of the mostly used functionalities of these devices.
Cyber criminals have devised unique and smartphone-specific ways to target users. In a classic phishing attack through email, a cyber criminal will approach the smartphone user with an unbelievable and very irresistable offer, which the user would definitely want to check out. And, the moment he clicks on the link provided, he falls into the trap designed by the attacker.
Users are usually asked to provide some information to complete the offer and 10 per cent of users end up giving all the information the app asks for.
Similar to an elaborate email, smartly drafted short messages carrying a link to a web page sounding similar to a popular brand are sent to the smartphone user. After the user lands at the web page he is guided through a process during which all the required information is extracted from the smartphone.
Designed specifically for smartphones, these applications try to get access to restricted information on the device. Most users, while installing free applications, do not see what permissions the application is asking for.
A similar case was noticed by Netquinn antivirus group, which had identified a couple of applications that made calls and sent messages from the victims’ phone without his knowledge. When the service provider tries to alert the user about high usage, the application stops the alerts and messages being sent to the smartphone.
Today, phishing is not just limited to extraction of confidential information but can be used for cloning smartphones as well. According to some recent cases there have been emails claiming to extend the warranty of the smartphone for free, and they require the user to put in information like the IMEI (International Mobile Equipment Identity) number, serial number, and type of phone so that the device can be cloned for illegal purposes.
It’s not that there is no way to prevent phishing. With a little presence of mind and alertness, smartphone users can counter these attacks.
While checking out any email or offer that seems too good to be true, check for the source of that offer, and if possible call the sender in case it is a brand or company to find out whether it is authentic.
Whenever you go to a third party web site, which asks for monetary or bank related information, do not forget to check for the HTTPS protocol before the address of the website. All banks and financial transaction related institutions use HTTPS protocol. If it is missing you better exit that page.
While installing a free application, always take time to read all the permissions that app asks for. If anything related to security or personal information or access to stored passwords is being asked, then terminate the installation.
Smartphones, like computers, have security software that prevent users from being attacked by phishing attacks. Although there are many free solutions available, investing in a reputed, paid security software is advised.