15 Things That Make Your Phone An Easy Target for Hackers
Is your phone vulnerable to a cyberattack? If you're making any of these very common mistakes, the answer is yes.
How mobile devices are becoming go-to targets for cybercrime
Cybercrime is, unfortunately, a growth industry, and more and more, bad actors are using our phones as their point of attack. According to research conducted by the digital security company iovation, 59 percent of risky transactions in North America happen on mobile devices. “Fraudsters are like chameleons. They are always adapting their tactics to make it look like they’re legitimate customers,” said Melissa Gaddis, iovation’s Senior Director of Customer Success, of the study’s findings.
The other problem is that most people don’t understand just how much their phones put them at risk. “There is a very common misconception that phones are not susceptible to hackers the same way computers are,” says Alexander M. Kehoe, co-founder and Operations Director of Caveni Digital Solutions. “While this may have been true when smartphones first became popular, it is simply no longer the case. In fact, in the United States, nearly 1.42 percent of all devices have been subject to a ransomware attack. So out of every 100 people you pass on the street, at least one of those people has had a virus on their phone.”
This is a problem for individuals—and the companies they work for. “Growing numbers of people are accessing sensitive corporate and personal content on the same mobile device they use for checking Facebook, downloading games, and e-mailing friends,” says Eric Williams, founder and CEO of ijura, a mobile threat defense solutions provider. “Personal apps can be a serious exposure point, as many hackers use legitimate apps to create trust with users while getting them to pass over sensitive information or download malicious content.”
We asked cyber experts to share the most vulnerable points of attack that criminals use to access the data on your phone—and what you can do to protect yourself.
Avoid free public Wi-Fi
“Always use a VPN (Virtual Private Network) when on your mobile device. A VPN protects you from connecting to the same unprotected network as multiple other users. These open Wi-Fi networks allow cybercriminals to easily distribute malicious software to everyone connected in the blink of an eye. While it doesn’t cross most consumers’ minds, it’s actually really simple for hackers to set up a fake malicious network and pretend to be ‘Free Airport Wi-Fi’ or ‘Starbucks Wi-Fi.'” —Paul Lipman, CEO of the cybersecurity firm BullGuard.
Don’t use public charging stations
“Charging a cellphone via USB from a public computer or charging station puts one’s data and device at risk. However, sometimes there is no other option. In such cases, the best thing to do is to find a wireless charger that will refresh the device’s battery but not endanger the smartphone or its data. For example, in addition to its wireless charging technology, Apple has recently added a feature that asks the user, when charging with a USB from a computer, if they trust the computer. If the user does not trust the charging computer, only the battery of the smartphone is charged and no data is transferred.” —Moshe Elias, Director of Product Marketing at Allot. The New York Post reported that airports are one of the most common public charging stations that are hacked.
Make sure you have a password-protected screen lock
“One of the biggest mistakes people make is not having a PIN or password set on the phone. Think about it: We take our phones everywhere, and it only takes a moment of inattention at a store, hair salon, or coffee shop to allow someone to pick up your phone. In just a few minutes, a hacker can install a spy app on your phone that can monitor what you do, or a thief can just walk away with the phone and have access to your information—maybe your address and bank account. Requiring a passcode to log in can at least slow a thief down enough for you to realize your phone has been stolen and take steps. I recommend having a method set up that will allow you to remotely wipe the phone and protect your data.” —Stacy Clements, owner of Milepost 42, a tech partner for small businesses.
Use two-factor authentication
“Having two-factor authentication set up on your devices or major personal accounts—e-mail, banking, etc.—can make a huge difference if you ever become a victim of hacking. Two-factor authentication adds an additional layer of security to your account.” —David Batchelor, co-founder and CEO of DialMyCalls.com
Don’t have text previews on your screen
“Text previews are what you see on your lock screen when someone texts you. If these are enabled, it will show the content of the message. If disabled, then it will simply notify you that there is a message to view. The problem with text previews is they give a hacker access to your text messages, even if they don’t have the passcode to unlock your phone. Here’s one example of why this is an issue. Many websites now use two-factor authentication, which means when you log in to your e-mail account, social profiles, or bank, they send a four- or six-digit pin to your phone that you have to input to verify it is really you. With text previews, hackers are able to view these numbers. The best way to protect yourself from this vulnerability is to turn text previews off. The minor inconvenience is worth the major boost in security.” —Michael Alexis, IT Manager at Museum Hack
Delete old e-mails
“If you never delete the probably hundreds of log-in e-mails from your e-mail account, you have created a gold mine for hackers. All they have to do is get into your e-mail, and then they have access to every service or website you’ve used.” —Emmanuel Schalit, CEO of Dashlane.
Don’t click unknown links on social media
“While most of us would not click on a suspicious link in an e-mail, there are countless posts on our Twitter and Facebook timelines with links that we don’t even give a second thought to before clicking. It is a best practice to use URL shorteners like Bitly on social media, but for users, there is no way of knowing where these shortened links will take us until after we have already clicked on them. Clicking on links through our social-media accounts could take us to sites where we could be exposed to spyware or malware or even have our devices hijacked by hackers.” —Andrew Selepak, PhD, program director at the University of Florida College of Journalism and Communications. You also need to stop using Facebook, Twitter, or Google to log in to apps.
Make sure you log out
“This is the most common problem, which can lead to someone stealing your credit card information or other personal info. Don’t forget to log out from your PayPal, Amazon, eBay, and other sensitive accounts.” —Emily Andrews, marketing communications specialist at RecordsFinder. Signing out of your accounts is also essential when recycling a cell phone, so make sure you log out before you get rid of your old phone.
Set your phone to automatically update software
“Apple and Google routinely update their iPhone and Android software to fix newly discovered security vulnerabilities and to help prevent future ones. New security updates must sometimes be manually downloaded and almost always require you to restart your phone. The inconvenience is far outweighed by the benefits of doing this.” —Jo O’Reilly, Deputy Editor of ProPrivacy.com.
Be wary of sharing your location
In a blog post about security threats, Jolera.com advises against publicly sharing your location for both financial and physical security: “Hackers can use information about your location to spear phish you.” In other words, they can closely target you with phishing e-mails based around places you’ve been and regularly go. Criminals can also use your location to make robbery attempts where you are—or at your home when they know you’re away.
Don’t open unknown e-mail attachments
“People tend to forget that their smartphones are in fact very capable computers. You are inviting trouble if you open suspicious e-mails and click links downloading malware unknowingly. Nine out of ten cyberattacks start with a simple phishing e-mail.” —Mihai Corbuleac, Information Security Consultant at StratusPointIT.
Think twice before clicking texted links
“Unless you are 100 percent sure of who the sender is, like a friend or family member, and at a minimum get confirmation that the link is OK, don’t click. Clicking links that might come from your phone carrier, a vendor, a merchant, or really anyone could be subject to malware infections, especially on an Android phone.” —Robert Siciliano, security expert for Porch.com
Use complex passwords
“Many apps and websites require complex passwords, but many do not. It is always best to have passwords of at least 10 characters or more, mix uppercase and lowercase letters, and use special characters. Complex passwords are hard to remember. It may be convenient to use the notepad on your computer or a mobile device to save them for easy copy/paste access, but exposing passwords to an insecure platform allows others to access them as easily as you do. E-mail and SMS are insecure platforms as well. The best place for storing passwords is inside your head.” —Clay Miller, CTO of SyncDog.
Be careful about agreeing to app permissions
“Before installing an app, check whether it displays ads. It’s a safer option to pay a few bucks to get a version of an app that doesn’t show you ads if that is available. It’s a good idea to sanity-check the list of permissions before you enable them. While it makes sense for certain apps to ask for permissions [on things] that may seem sensitive, sometimes the list of permissions just seems too invasive and I will stop the product from installing. Or you may not want to enable all the permissions for apps that ask for them. For example, I don’t want the mobile app for my fitness devices to track my runs, so I’ve disabled location permissions for that app. I have a game that allows you to share photos, but I don’t want to do that with the app, so I’ve disabled those permissions.” —Lysa Myers, Security Researcher for ESET
Watch out for rogue Bluetooth connections
“Short-range wireless technologies such as Bluetooth can give away information about who owns a device that can easily be picked up by someone nearby. While Bluetooth requires that a user approves to connect or pair devices, it is easy to make a mistake and allow a rogue device to connect to your device. We recommend disabling Bluetooth when not in use and only permitting approved devices to connect to your mobile device. If in doubt, don’t allow it!” —Richard Gold, PhD, head of security engineering at Digital Shadows.