April 19th, 2012
Allison here, with AllClear ID. It’s clear to most people that cybercriminals can get into mobile devices or use mobile technology to steal identities. But, just how are they doing this? What should consumers be aware of when using their smartphones or surfing the web on the go? Here are four ways that cybercriminals have been known to use mobile and mobile devices to attack:
- Search Poisoning – Mobile search is still in its infancy, and many haven’t optimized their websites for mobile search. Therefore, there’s been an opportunity for cybercriminals to “poison” search results by having their rogue sites rank for popular key terms. By having their sites rank so highly, people click on the links thinking they’re legitimate, but end up going to malicious sites with malware. This practice is also increasing with image searches, which are harder for the search engines to track and to get rid of.
- QR Codes – QR codes are those funny boxes that businesses place with their ads. Use your smartphone to read the code, and then you receive a coupon, sign up for a newsletter, or even scan to call. For the most part they are fine, but cybercriminals are now using them to lure people to malicious website. To check a QR code for legitimacy, use a scanning app that lets you see the URL before you scan it. This way, you can see where it leads. Also, don’t provide log in or personal information when you come to the website from a QR code. This is a red flag for a phishing attempt, and is a way for cybercriminals to steal identities.
- Rogue Apps – It’s projected that there will be 183 billion app downloads by 2015. Cybercriminals are taking advantage of the growing ubiquity of apps by creating apps of their own, and releasing them onto the market. These apps can inject malware into your mobile device, or can be granted access to your location, photo library, and other personal information. These rogue apps have even made their way into Google’s and Apple’s app stores! To protect yourself from these apps, don’t grant them access, especially if it seems suspicious (like a game app wanting access to your phone book). Also take a look at the reviews before purchasing or downloading the app. Be wary of those with negative complaints, or without any reviews at all.
- Fake Wi-Fi Hotspots – This problem is most common in public places, such as airports and coffee shops. You’re on the go, and you just want to check your email. Cybercriminals have set up fake wi-fi hotspots in public place where people expect free wireless access to be able to watch what everyone is doing and steal passwords and other personal information. If you’re surfing the web in a public place and are unsure if it’s secure, or even real, then keep your activities to web browsing. Don’t log into anything, and certainly don’t do anything that involves your personal information.