The increase in mobile communication is a real blessing for hackers. No wonder, as mobile devices make it easy for them. In this blog post, we show which methods cyber criminals use for their attacks and how companies and other organizations can protect themselves against them.
Mobile devices have a special appeal for hackers, as they not only contain a lot of personal but also business data. This also includes valuable user identities for applications or portals. At the same time, they are easy to attack as they are often always connected to the internet. What’s more, they are less protected against malware or attacks than conventional computers, which are better integrated into the internal security structure. It is therefore easy for cyber criminals to infiltrate malware with relatively little effort. This allows them to monitor the devices or tap into sensitive data.
Below we explain what the term “phishing” means and show you how you can protect your mobile devices from this threat.
“Phishing for Compliments”
Who hasn’t heard them before? The warm “You’ve won” message or the trick of the flattering “grandchild” on the phone. Although everyone knows these tricks by now, phishing is probably still the biggest security problem on smartphones and tablets. Fraudsters usually send a fake email, text message or messenger message with links to supposed online retailers, payment services or social networks. Currently, mailing messages with links to parcel service providers and forums in which hackers pretend to be support staff are very popular tricks, as are classic phone calls. The victim is often lured to a fake website or persuaded to install a (supposed) help program. The actual phishing process then starts by attempting to steal personal access data. In addition, attempts are made to start automatic downloads or to place malware on the device using the phishing data. Phishing is often the start of a cyberattack. Particularly prominent examples were the Pegasus spyware or the video attack on the Amazon CEO at the beginning of 2020. The administrative filter applies to business emails, which is not usually the case with private mailboxes. This makes private email accounts particularly interesting for attackers.
The best protection against phishing is multi-factor authentication (MFA). In combination with endpoint monitoring, web filters against fraudulent websites and antivirus programs, comprehensive protection is guaranteed. As people are the number one risk factor in phishing attacks, good security training for employees is particularly important.
We explain what other threats there are and how you can protect your mobile devices against them in our next blog post.