Your Mobile Devices are being Phished

In a recent post from cybersecurity expert Stu Sjouwerman, he reports that mobile phishing attacks have increased by 475% in the last 18 months. Attacks on mobile devices are gaining momentum and attackers are now launching phishing attacks at SMS, WhatsApp, Facebook Messenger, and Instagram. Security professionals who overlook these new routes of attack put their organizations at risk.

Consider these phishing related risks on your mobile device:

  • Apps - lack built-in security. Free apps usually ask for a lot of access they shouldn’t need.
  • WiFi - your device typically picks up the strongest signal, which may be a rogue WiFi that seems legitimate but is actually an attacker just waiting to monitor, intercept or even alter communications from your device.
  • Bluetooth - can be used to spread viruses, and hackers can use it to hack into phones to access and exploit your organization’s data.
  • Human error - thieves sell lost and stolen devices to buyers who are more interested in the data than the device itself.
  • Smishing - or phishing via SMS. For example, a smishing text might entice a victim into revealing personal information, or requesting action on seemingly mundane activities, i.e., the user’s bank claiming it has detected unusual activity or a congratulatory notice saying the person has won a prize from their favorite store.

Take this seriously...

  • Always use strong passwords
  • Encrypt or lock sensitive data
  • Don’t bypass built-in security; use multi-factor authentication options like fingerprint or facial recognition
  • Enable remote tracking
  • Enable your device to erase remotely
  • Only use apps available in your device’s app store - NEVER download them from a browser
  • Update the apps you use regularly; if they’re no longer supported by the app store, just delete them!
  • Think before you click any links in text messages on your mobile device
  • Never jailbreak your iOS or root your Android; you are making it way too easy for hackers
  • Turn off WiFi when you aren’t using it
  • Don’t allow your device to auto-join unfamiliar WiFi networks
  • Don’t send sensitive information over WiFi unless you’re absolutely certain it’s a secure network
  • Disable automatic Bluetooth pairing and always turn off Bluetooth when it isn’t needed
  • NEVER save your login information when you’re using a web browser

Looking to test your defenses or to improve your security posture? Contact Radiant Resources and let us help you build cyber resilience to grow with confidence.