Smartphones have been an essential part of our lives for 15 years now, but too many people (and too many companies) still overlook them when plotting out their network defense strategies. Complicating matters these days is the growing number of workers who use their personal phone for business purposes. That’s creating new opportunities for hackers. A new study by McAfee finds mobile devices have replaced PCs and laptops as the primary electronic device among consumers. And trust in those phones is high, even though the risk is higher than ever.
“As our use of mobile devices rapidly increases, we must remember that a mobile device is a connected device, just like a computer,” said Gagan Singh, McAfee executive vice president, chief product and revenue officer, in a statement. McAfee’s 2022 Consumer Mobile Threat Report identified four key areas where hackers are finding success in defrauding users in growing numbers:
Smash together SMS messaging and phishing and you get … smishing. And it’s on the rise in a big way. By using personalized greetings that seem to come from legitimate organizations, hackers are able to trick people into clicking over to realistic-looking websites, where they enter personal information or download an “important” app that will steal their information and contacts and copy their messages. The hackers then widen their net with that information.
This same technique can be used to steal someone’s login information to a company. McAfee warns consumers, especially Android users, to download apps only from the Google Play store or an organization’s legitimate website (which you should go to directly, not via a link in a text).
The gamer grab
Plenty of people mix their business (personal or professional) with some pleasure, often in the form of a game on their phone. And many players will download a hacking app to gain extra capabilities in that game if they get stuck. Cybercriminals have started to take advantage of this by adding their own malicious code to those apps. One example is called “DesiEsp,” which will request superuser access to the device and warns that it may not work properly if the access is not granted. Should users grant it, the app will gather user IDs, passwords and other information that can extend well beyond the game.
As mining for cryptocurrency becomes more mainstream, some hackers are deploying phony apps that promise to mine coins in the cloud for a monthly fee, in return for monetary payouts. As you might guess, they take the user’s money, but don’t do any mining in return. It’s not something that compromises your information or grants cybercriminals access to your personal information and log-in credentials, but it’s still an easy swindle on their part.
“These fake mining apps can be difficult to detect, as the code does not actually include any malicious features—it just doesn’t do what it promises,” the report says. “Criminals are producing many variants of this app, targeting different countries and cryptocurrencies, and scamming almost 100,000 people and counting. Since it currently costs thousands of dollars to mine one Bitcoin, depending on the cost of electricity, offering to mine for five dollars a month is unrealistic.”
Fake messaging apps
You’ll find dozens, if not hundreds, of apps that are slickly designed and offer everything from mobile games to photo editing tools. Once installed, though, these will ask for the user’s phone number and verification PIN and use that information to sign them up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings.
These services generally deliver one-time, recurring, or on-demand services, such as flight info, sports results, or a daily joke. The hook is: You’re paying for each of those texts, and might not realize it, since the charge is built into your phone bill.
Hackers often have different goals. Some want an easy buck. Some want access, with nefarious intentions. That could be access to important personal accounts, but in a telecommuting world, where we’re logging into business servers and chat rooms at any given time, the risk for businesses is growing as well.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.