A report last month revealed that 51 percent of U.S. online holiday shopping will occur on mobile devices. There are an estimated 184 million U.S. mobile phone users, which means at least 92 million people will shop via their mobile devices this holiday season. With so many people accessing the Internet from handheld devices, cybercriminals are looking for as many ways to target unsuspecting victims as they can.
The rise in mobile usage highlights a growing trend of mobile-specific attacks that are more malicious than ever. To stay safe while shopping on your mobile device during the holiday season, look out for the following threats to mobile safety:
- Mobile-Specific Malware: Mobile-malware is designed to specifically infect the operating systems (OS) of mobile devices. According to the Government Accountability Office (GAO), mobile-malware has increased 185 percent since 2014. Mobile-malware can give criminals access to all personal and business data stored on your device, including passwords, financial information, files, and images. This can be especially problematic for companies with a Bring Your Own Device (BYOD) environment.
- Ransomware: Ransomware is one of the latest and most prolific mobile-malware threats. It can lock your phone, encrypt files, and hijack administrative privileges to make it harder to remove the malware.
- Phishing Emails/Websites and SMShing via Text or Phone Call: Cybercriminals often use this method to lure victims into giving away personal information via “too good to be true” deals. Mobile devices’ small screens make it harder for you to confirm the legitimacy of these messages and websites. A rule of thumb is to never give personal, private information to someone you’re communicating with online or over the phone if you’ve never met them in person or aren’t 100 percent confident of their identity.
- Link Shortening: Shortened links can hide the final URL destination, prompting you to unknowingly visit an infected site. Unlike on a computer, mobile devices don’t give you the ability to hover over a link with your mouse to verify where the link is taking you.
- Malicious Applications: Mobile device owners can accidentally download rogue apps from an official app store that hasn’t properly vetted the app (e.g., iOS App Store, Google Play), or “sideload” the app from one of hundreds of unofficial app stores. Be cautious of unofficial or non-sanctioned apps as they may contain malware or other infectious programs that can endanger your privacy and security.
- Applications Leaking Data: According to a recent study, 73 percent of Android apps and 47 percent of iOS apps share personal information with third parties. Apps that leak information pose a risk as they can disclose sensitive information to a third party without your knowledge.
Mobile Safety Best Practices
Being cautious about the links you click and sites you visit, as well as who you interact with, is only one aspect of being safe on your mobile device. The other is implementing the correct security measures. Here are some tips for mobile safety.
- Only download applications from the official app store related to your device’s OS
- Be aware of the information you’re authorizing apps to access (e.g., why does a Flashlight app need access to your photos and contacts?)
- Use password padding
- Be cautious about open wireless networks; disable your Wi-Fi from connecting to any random open network; when in doubt, ask a store clerk for the official Wi-Fi hotspot name
- Disable Bluetooth and mobile hotspots when you’re not actively using them
- Use a VPN application when you’re connecting to an unknown network; some top-rated ones are VyprVPN, NordVPN, Iron Socket, and ExpressVPN
- Keep software up-to-date to make sure security fixes are applied
- Turn off location-based tracking on all apps that do not need it to function
If you have an iPhone:
- Turn off AirDrop or only make it accessible to contacts
- Change the default Wi-Fi key for personal hotspot
- Enable “erase data after 10 failed passcodes” function
If you have an Android:
- Turn off autosync on cloud storage apps (e.g., Dropbox)
- Enable biometric security settings – don’t use PIN or patterns
- Enable phone to lock instantly with power key (and press power key to lock device)
- Modify tethering/mobile hotspot data from the default settings
- Limit which applications can access mobile data
- Manually disable Near Field Communication (NFC) if device is equipped
- Enable device encryption
- Update firmware and software
Holiday sales predictions are in the billions of dollars, and bad actors are going to want a piece of that pie. This makes paying attention to your online actions, especially on your mobile devices, more important than ever. Make safe online choices this holiday season and happy shopping!