Protecting your Important: Smartphone security - the 10 biggest risks for your device

Smartphones have become increasingly important tools we use in our daily lives to work, connect with family and friends, and conduct various other activities, including banking, shopping, or learning new skills.

However, they’re also highly profitable targets for cybercriminals who are eager to get their hands on troves of information stored in our pocket-held devices.

This is why it has become imperative for users to stay vigilant and properly secure their smartphones against unauthorized access, malicious attacks and identity theft.

To mitigate these risks and maintain control over your digital life, we’ve expanded on 10 of the most common threats to mobile security:

1. Social engineering schemes – phishing, smishing and vishing attacks

Phishing is a social engineering tactic malicious actors use to gain access to sensitive data, hijack accounts and steal money. During a phishing attack, cybercriminals use emails, text messages, and phone calls to deliver fraudulent messages, aiming to trick users into handing over their personal information and credentials (for bank accounts, online services or social media accounts) or downloading malware onto their devices.

Mitigation: To avoid falling victim, you should always verify the legitimacy of a message and stick to good cyber hygiene, such as not responding to unsolicited correspondence, clicking on suspicious links and attachments or providing sensitive information to individuals who contact you unexpectedly. Don’t forget to use a security solution that blocks malicious and fraudulent links should you unwittingly access them.

2. Data leaks

Poorly secured and managed apps you install on your smartphone can leak personal data such as photos, name, location, contact lists, browsing history, and much more, depending on the type of application you use. Whether the leak is unintentional or following a cyberattack, there is no shortage of cybercriminals who can misuse your data for malicious purposes.

Mitigation: To limit your risks, we recommend limiting app permissions and adjusting your smartphone's security controls to restrict the data collected by each app. Also, you should consider reading the fine print for any installed app and avoid using those that request access to far too much information.

3. Unsecured Wi-Fi networks

Free and publicly available Wi-Fi networks in coffee shops, malls and airports are usually unsecured (they don’t require any password and lack encryption), making them extremely vulnerable to attacks. Connecting to such Wi-Fi networks can allow cybercriminals to spy on your online activity and steal sensitive data, such as your credentials and credit card information.

Mitigation: Avoid connecting to a free WiFi network whenever possible; if you do, never conduct financial transactions or access confidential business data without a VPN.

4. Spyware

Digital surveillance tools known as spyware or stalkerware are deployed on a mobile device to track the user’s texts, emails, phone location, take screenshots of the screen or even eavesdrop on nearby conversations. Abusers and other digital miscreants can use spyware software to monitor the victim’s whereabouts or online activity, and harm them physically, emotionally and financially.

Mitigation: Since spyware software is surreptitiously loaded on a victim’s device, users should never keep their mobile device unattended, steer clear from downloading unfamiliar apps, ensure their phones are password-protected, and use a mobile security solution to thwart this type of malware.

5. Overlooking operating system and software updates

Keeping your phone’s operating system and applications up to date is key to protecting devices against vulnerabilities, exploits and cyberattacks. Updates and patches often address known vulnerabilities or encompass security features that help secure your operating system and apps.

Mitigation: Keep your smartphones and applications up to date at all times, with automatic updates turned on by default to ensure that your phone is receiving the latest security updates on time. If your device hasn’t been receiving new patches or is no longer supported by the manufacturer, you should consider changing the device, since it will only increase your risk of compromise.

6. Malicious and scam apps

Malicious apps are unsafe or unwanted software that can steal personal info and money, or harm your device. App stores are filled with such apps that may mimic legitimate ones. Attackers bait users with free apps that sound too good to be true and knockoffs of legitimate ones (a game, social media platform, shopping or photo editing application), and instead of delivering the advertised functionality, they lock your phone, steal data and money, bombard you with ads or charge you large subscription fees.

Mitigation: Stay vigilant against fake and malicious apps whenever you download new apps on your device. Only use legitimate app stores, carefully inspect  reviews and fine print for any red flags (hidden fees, hundreds of positive reviews for a new app), and conduct an internet search about the application. For already installed apps, look for ones that hog your battery and mobile data (especially if the app does not need an internet connection) by using your phone’s configuration menu, and install a reputable mobile antimalware security solution.

7. Poor password security

Most people play a risky game with their privacy and security by recycling or reusing passwords across multiple accounts. Poor password habits can lead to unauthorized access, account takeovers and fraud.

Mitigation: create strong and unique passwords for all of your accounts or use a password manager to safely generate and store complex passwords. Set up additional layers of security (2FA, MFA, or biometrics) and never share your credentials, especially via unsolicited correspondence.

8. Identity theft and SIM-swapping attacks

Millions of people fall victim to identity crimes every year. Unfortunately, smartphone users        are also exposed to a unique type of identity attack in the form of SIM swapping., This attack involves hackers convincing  cell phone carriers to switch a victim’s phone number to a new device, allowing them access to sensitive data such as user accounts and credit card numbers.

Mitigation: A SIM-Swapping attack begins with cybercriminals gathering personal information on the target. In this case, the first line of defense is keeping your personal information private and removing phone numbers from accounts that do not require one. You should also enable two-factor authentication on your accounts and immediately contact your carrier if you spot these red flags: you receive large bills from your provider, you’re unable to make phone calls from your device or notice suspicious activity on your accounts.

9. Lost or Stolen Mobile Devices

Lost or stolen devices pose a great risk to your digital security and identity since they usually hold a variety of personal and sensitive information, from banking app loggings to passwords, photos and even confidential work documents. Once malicious individuals get their hands on a device, they can make unauthorized purchases with linked credit cards, access your accounts, harvest personal data, open credit cards or get loans in your name and commit other identity theft crimes.

Mitigation: Enable or use ‘find my phone’ features to help you locate a missing phone and lock your device. Some phone locating apps let you remotely erase data on your phone, an option you should consider if you want to prevent crooks from accessing your data. Report a lost or stolen phone to your cell phone carrier and workplace, and file a police report as well. Contact your bank if you have any stored credit cards on the device, and make your family members and friends aware of the incident.

10.  Connected IoT devices

Security flaws or misuse of connected IoT tech including wearables (smart watches), appliances and other devices further expand the attack surface of users via weak passwords (or lack thereof), unsecure data transfers, data breaches and leaks.

Mitigation: Keep your connected IoT devices up to date, configure privacy settings to maximize your privacy, wipe personal information from old, unused devices, review app permissions, and read the privacy policy before purchasing new devices to add your home network.

This Cybersecurity Awareness Month, begin prioritizing your digital safety and grab a Bitdefender Mobile Security solution (Android and iOS) to keep your sensitive data safe from internet threats with relevant features including:

• Advanced web protection against all cyber threats including viruses and malware
• Scam alerts to notify you about malicious and fraudulent links delivered via SMS, messaging apps or notifications
• App traffic filtering and a powerful VPN for safe and anonymous surfing