Mobile Devices Fertile Ground for Bad Guys

APPLE-IPHONE

Everyone is trained to be wary of unsolicited emails and to be careful what they click on when using their computer or laptop, but when it comes to mobile devices none of those common sense rules seem to apply.

That may not have been an issue in the past, but with the wide scale adoption of mobile devices, they’ve become the preferred method for hackers looking to steal sensitive data.

“Consumers should be worried,” says Tom Landesman, senior researcher  at Cloudmark, a San Francisco security company. “They have to stay vigilant so they aren’t duped.”

According to Cloudmark’s latest Security Threat Report a real problem starting to show up on mobile devices is spam text messages. While none of the carriers are immune, Cloudmark found Apple iMessage is becoming the venue of choice for spam in 2014. The biggest spam campaign targeting iPhone users so far this year, according to Cloudmark, was an unsolicited offer for designer goods on the cheap. The goal of the spam attack: to get consumers to buy knockoffs.

Phishing presents more danger

Spam is undoubtedly annoying but what is putting mobile device users in more danger than an unsolicited add is the mobile phishing attacks that are also gaining traction. Mobile users will get a text or email from what looks like their bank or other business asking them to click on a link and provide sensitive information. On a computer most people would be skeptical but with a mobile device they are more likely to assume its legit, click on it, and turn over their information to the bad guys without even knowing it. Landesman of Cloudmark says when it comes to phishing the criminals are sophisticated and are able to target a specific town or zip code. “Nowadays they are making it as targeted as possible to fool people,” says Landesman. He says it’s not far-fetched for customers of a local credit union or bank to get a fake text message from a phishing scam. Since the financial institution is small, users may be more inclined to think the text is legitimate.

Rogue apps create havoc

Equally as popular as mobile devices are the apps millions of people download every day. The lion’s share of these apps may be OK but it’s the rogue ones that can create havoc for unsuspecting mobile users. Joe Schumacher, senior security consultant at Chicago-based security company Neohapsis, says rogue apps can be designed to send out spam using your email or to trick you into giving up data by pretending to be a real app. Others track your every move online and sell the information to marketers. “Some apps look to steal data off your phone,” says Schumacher. “If you receive a SMS message from your bank with a pin code it can be intercepted by a rouge app.”

Use common sense to stay safe

Applying the same common sense tactics when using a computer and laptop can go a long way in protecting mobile users. That means not clicking on links in texts or emails when you don’t know the sender, typing in full URLs and being skeptical of any communications that are purported to appear official. It also means understanding what your apps and device is doing in the background. “Your device knows you better than your spouse,” says Andrew Hoog, co-founder and chief executive of viaForensics, a digital forensics and security company. “How well do you know your device?”

Unbeknownst to countless consumers, behind the scenes rogue apps can send private data to a website, redirect you to a different website and analyze all your mobile habits. viaForensics tested 100 popular apps and found that 75% of Apple and 59% of Android apps had at least one high risk rating.

It may be impossible to figure what your device is doing on your own but apps like viaForensics’ free viaProtect will clue you in and alert you to the risk level you face by using it. Hoog says it will also tell you if your data is being sent securely which is particularly important if you are using a banking app or making a purchase. viaForensics estimates 35% of all data is sent unencrypted. “We’re focusing a lot of effort on democratizing mobile security,” says Hoog. “We’re making it accessible in real time on their device so they know exactly what to do.”