How cybercriminals use phishing and other tricks to hack smartphones
Since the Covid-19 pandemic, hackers have been focusing more and more on smartphones, with over a million phishing and social engineering assaults recorded over the last six months, as per various reports. Smartphones are the primary way we access our many digital accounts and services, such as social media, email, apps and SMS. The increasing complexity of phishing scams means that even the most vigilant and tech-savvy users are susceptible to these assaults. As a consequence, cybercrime has grown into a multibillion-dollar industry. Solving this problem would benefit companies and customers immensely.
Cybercriminals and digital fraudsters do not only target phones with poor security or take advantage of vulnerabilities; they combine these with an understanding of end users like you and me. They are aware of our mental processes and what we want to accomplish, and they customise their attacks accordingly.
Hackers use phishing attacks via fake emails to trick users into clicking a fraudulent link, opening an attachment, submitting sensitive information, or sending money. Apart from emails, SMS, instant messages (IMs), WhatsApp messages and other kinds of electronic communication, some of which might seem to come from a trusted source, are also used for such assaults. Phishing links lead you to malicious websites that are designed to steal your personal information or otherwise compromise your smartphone.
Targeted mobile phishing attempts may easily damage a business's security too. This is because more and more individuals are making business calls from their personal cell phones. Due to the pandemic, the workforce across the world entered the remote-work realm. Today, it's not uncommon to use the same mobile device for both personal and professional purposes.
The hacker exploits our weakness much like a foreign organism exploits a weakened immune system. Last year, human error was responsible for over 82% of data breaches, and that percentage is only expected to rise, as reported by Help Net Security. To take advantage of those who have grown dependent on their mobile devices, hackers have created more mobile-based fraud techniques. Instances of tap-jacking, app spoofing and screen overlays are on the rise. Behind all these attacks is the human urge to move quickly to the next step by clicking on a link or notification that could actually be fake or deceptive.
When most of us hear the term cybersecurity, we tend to think about how to protect ourselves against hackers who take advantage of technical flaws in order to target data networks. However, there is another entry point into the critical databases or networks of organisations: exploiting the frailties of individuals. This sort of deception is referred to as "social engineering", and it is used to trick individuals into disclosing sensitive information or giving up access to computer networks. Because they prey on human frailties like curiosity, respect for authority, fear (of a bank account getting blocked or losing an electricity connection), and the desire to aid friends and family, social engineering assaults are notoriously tough to defend against.
Protecting yourself against phone hacking is a matter of common sense, but there are steps you can take to mitigate the risk. 'Awareness, Alertness and Agility' are the elementary mantras. Moreover, there are sophisticated approaches to guarantee the highest level of security for your phone, such as installing an antivirus on your mobile, adding passwords to all applications, and avoiding phishing emails.
You may take extra precautions to protect your mobile devices by installing mobile security solutions that provide encrypted online surfing and continuous protection against phishing attempts. If you are an enterprise that provides a mobile app, it is advisable to get a RASP (Runtime App Self Protection) based solution plugged into your mobile app before you offer it to your customers.
This will ensure real-time defense against spyware, malware, screen mirroring, key-logging, spoofing, etc., which are the main aims for which fraudsters carry out phishing and social engineering. The incorporation of cutting-edge mobile endpoint and application security into business practices is not the ultimate frontier, but rather the start of a new era.
Sunita Handa is the Principal Advisor at Protectt.ai.