15 Things That Make Your Phone An Easy Target for Hackers
Is your phone vulnerable to a cyberattack? If you're making any of these very common mistakes, the answer is yes.
How mobile devices are becoming go-to targets for cybercrime
Cybercrime is, unfortunately, a growth industry, and more and more, bad actors are using our phones as their point of attack. According to research conducted by the digital security company iovation, 59 percent of risky transactions in North America happen on mobile devices. "Fraudsters are like chameleons. They are always adapting their tactics to make it look like they're legitimate customers," said Melissa Gaddis, iovation's Senior Director of Customer Success, of the study's findings.
The other problem is that most people don't understand just how much their phones put them at risk. "There is a very common misconception that phones are not susceptible to hackers the same way computers are," says Alexander M. Kehoe, co-founder and Operations Director of Caveni Digital Solutions. "While this may have been true when smartphones first became popular, it is simply no longer the case. In fact, in the United States, nearly 1.42 percent of all devices have been subject to a ransomware attack. So out of every 100 people you pass on the street, at least one of those people has had a virus on their phone."
This is a problem for individuals—and the companies they work for. "Growing numbers of people are accessing sensitive corporate and personal content on the same mobile device they use for checking Facebook, downloading games, and e-mailing friends," says Eric Williams, founder and CEO of ijura, a mobile threat defense solutions provider. "Personal apps can be a serious exposure point, as many hackers use legitimate apps to create trust with users while getting them to pass over sensitive information or download malicious content."
We asked cyber experts to share the most vulnerable points of attack that criminals use to access the data on your phone—and what you can do to protect yourself.
Avoid free public Wi-Fi
"Always use a VPN (Virtual Private Network) when on your mobile device. A VPN protects you from connecting to the same unprotected network as multiple other users. These open Wi-Fi networks allow cybercriminals to easily distribute malicious software to everyone connected in the blink of an eye. While it doesn't cross most consumers' minds, it's actually really simple for hackers to set up a fake malicious network and pretend to be 'Free Airport Wi-Fi' or 'Starbucks Wi-Fi.'" —Paul Lipman, CEO of the cybersecurity firm BullGuard. Don't miss these other cybersecurity secrets hackers don't want you to know.
Don't use public charging stations
"Charging a cellphone via USB from a public computer or charging station puts one's data and device at risk. However, sometimes there is no other option. In such cases, the best thing to do is to find a wireless charger that will refresh the device's battery but not endanger the smartphone or its data. For example, in addition to its wireless charging technology, Apple has recently added a feature that asks the user, when charging with a USB from a computer, if they trust the computer. If the user does not trust the charging computer, only the battery of the smartphone is charged and no data is transferred." —Moshe Elias, Director of Product Marketing at Allot. The New York Post reported that airports are one of the most common public charging stations that are hacked.
Make sure you have a password-protected screen lock
"One of the biggest mistakes people make is not having a PIN or password set on the phone. Think about it: We take our phones everywhere, and it only takes a moment of inattention at a store, hair salon, or coffee shop to allow someone to pick up your phone. In just a few minutes, a hacker can install a spy app on your phone that can monitor what you do, or a thief can just walk away with the phone and have access to your information—maybe your address and bank account. Requiring a passcode to log in can at least slow a thief down enough for you to realize your phone has been stolen and take steps. I recommend having a method set up that will allow you to remotely wipe the phone and protect your data." —Stacy Clements, owner of Milepost 42, a tech partner for small businesses. By the way, you need to change your settings immediately if you use any of these 25 passwords.
Use two-factor authentication
"Having two-factor authentication set up on your devices or major personal accounts—e-mail, banking, etc.—can make a huge difference if you ever become a victim of hacking. Two-factor authentication adds an additional layer of security to your account." —David Batchelor, co-founder and CEO of DialMyCalls.com
Don't have text previews on your screen
"Text previews are what you see on your lock screen when someone texts you. If these are enabled, it will show the content of the message. If disabled, then it will simply notify you that there is a message to view. The problem with text previews is they give a hacker access to your text messages, even if they don't have the passcode to unlock your phone. Here's one example of why this is an issue. Many websites now use two-factor authentication, which means when you log in to your e-mail account, social profiles, or bank, they send a four- or six-digit pin to your phone that you have to input to verify it is really you. With text previews, hackers are able to view these numbers. The best way to protect yourself from his vulnerability is to turn text previews off. The minor inconvenience is worth the major boost in security." —Michael Alexis, IT Manager at Museum Hack
Delete old e-mails
"If you never delete the probably hundreds of log-in e-mails from your e-mail account, you have created a gold mine for hackers. All they have to do is get into your e-mail, and then they have access to every service or website you've used." —Emmanuel Schalit, CEO of Dashlane. You might be surprised to learn these 7 alarming things hackers can do when they have your e-mail address.
Don't click unknown links on social media
"While most of us would not click on a suspicious link in an e-mail, there are countless posts on our Twitter and Facebook timelines with links that we don't even give a second thought to before clicking. It is a best practice to use URL shorteners like Bitly on social media, but for users, there is no way of knowing where these shortened links will take us until after we have already clicked on them. Clicking on links through our social-media accounts could take us to sites where we could be exposed to spyware or malware or even have our devices hijacked by hackers." —Andrew Selepak, PhD, program director at the University of Florida College of Journalism and Communications. You also need to stop using Facebook, Twitter, or Google to log in to apps.
Make sure you log out
"This is the most common problem, which can lead to someone stealing your credit card information or other personal info. Don't forget to log out from your PayPal, Amazon, eBay, and other sensitive accounts." —Emily Andrews, marketing communications specialist at RecordsFinder
Set your phone to automatically update software
"Apple and Google routinely update their iPhone and Android software to fix newly discovered security vulnerabilities and to help prevent future ones. New security updates must sometimes be manually downloaded and almost always require you to restart your phone. The inconvenience is far outweighed by the benefits of doing this." —Jo O'Reilly, Deputy Editor of ProPrivacy.com. Here are some additional security warnings you shouldn't ignore.