If you’re reading a blog post about mobile phishing, there’s a pretty good chance you’ll never be phished.
If you’re aware that online criminals are always trying to get you to give away your passwords, security data and credit card numbers, you’re probably already careful about where you enter your private information on the Internet. And you check out articles like this to find out if criminals have any new tricks up their sleeves.
And do online criminals have new tricks up their sleeves? The answer to that question, unfortunately, is almost always yes. There’s always a new way to scam you out of your data. Most importantly, you need to realize phishing scams are no longer restricted to your PC. In our mobile, connected world, you need to check twice or thrice when you enter your private information—whether you are on your PC, an ATM or your phone.
F-Secure Labs reports that users are increasingly likely to be phished using methods that involve their phones. The odd rendering of mobile web pages and the use of SMS to send one-time passwords are powerful new lures for the phishers of the world. So even if you are savvy enough to avoid phishing attacks on your PC, you need to be as aware when you are on your phone.
Here’s what you need to know to keep your data to yourself.
1. Always check the URL of the site you are on before you click submit
You should always check the URL of any web page you are on whether you are browsing on your phone or your PC. It’s easy to replicate the look of a site. Copying the site’s URL is more complicated. You’re looking for two things in the URL. First of all, are you really on the site you intend to be on? Forget all the stuff that comes after “.com”, you’re just making sure that you are really on Facebook.com or Amazon.com. Second, you want to make sure you see the “s” in “https”. This is especially important when you are using your phone (or PC) on an unsecured wireless network.
2. If you ever think, “Why are they asking for that?” close your browser.
F-Secure Labs recently analyzed an man-in-the-mobile (mitmo) trojan attack that created a fake bank login page. The page asked for the customer’s mobile number so that one-time passwords could be sent through SMS as a security precaution. The page also asked for the phone’s international mobile equipment identity (IMEI), which was then used by the trojan to forge a security certificate and infect your phone. The user gave the criminals critical information and made life easier for the scammers. Anytime you’re filling out a form and wonder, “Why do they need that?” stop the transaction and contact the institution directly.
3. Use only one credit card for all of your online purchases
In some countries, using a credit card limits your fraud liability, making credit cards a safer choice than ATM cards. Regardless if this is true for you, a smart strategy is to use the same credit card for all your online purchases and check that account weekly. The sooner you spot a fraud, the less damage you are likely to incur.
4. If you’re going to make transactions on your phone, make sure it’s protected.
Our handheld mobile devices are as powerful as PCs, and they need to be protected like PCs. That means you need to keep your system and applications updated. F-Secure Mobile Security‘s Browsing Protection protects users against phishing scam. Your phone has access to your email and other crucial accounts, so it’s smart to secure it the way you secure your PC.
5. When in doubt, go in the bank.
The clock is always ticking. You’re late; you want to save some time. That’s when your mobile phone makes life easier. However, for your most crucial interactions, such as large transfers, you best choice is to go into the branch itself. That way you don’t have to worry about phishing or mobile trojans. You may have to wait in line, but a little wait in line is nothing compared to being phished.
This may sound like a nightmare or a Black Mirror episode about a dystopic future, but…
March 23, 2017