It's common to see stories about a new hack or malware attack feature stock images of desktop computers or office workers at desks, but the latest quarterly risk report by cybersecurity firm RSA points to a frightening trend that should change that image. Increasingly, the culprit is right in your hand: Cybercriminals are directing their efforts at people's mobile devices.
On the one hand, this shouldn't surprise us. Our phones and tablets have become multifunctional mini-computers—we use them for banking and payments, for identity verification and gaming, among hundreds of other tasks. But we also rely heavily on our phones and tablets for email, and cybercriminals are nothing if not opportunistic.
As both the RSA and other recent reports show, email phishing remains, by far, the most common way for bad guys to get in. It seems that we've been letting our guard down by opening links or attachments on our mobile devices that we would have deleted on our personal computers.
At the same time, phishing attempts have grown more sophisticated and realistic, heightening the chances that even savvy users will get duped. From a sample of more than 24,000 fraud attacks RSA researchers identified in early 2018, 65% came from mobile applications and mobile browser transactions. Roughly half of the attacks came via email phishing.
How to bolster security for your mobile devices and data
- Keep your devices up-to-date. Whether you're on iOS, Android, or another operating system, set your devices to auto-update or, at least, to prompt you when a newer version is available.
- Check the authenticity of apps. The RSA report identified more than 8,000 "rogue" mobile apps, many of which were designed to look like legitimate companies or applications. Legitimate apps from the Apple or Google Play app stores generally have a large number of reviews and contact information for the company or organization.
- Treat financial accounts with extra care. Criminals exploit the proliferation of mobile financial services and payment apps—that's where the money is. So double-check that your banking and payment apps are legitimate; set up two-factor authentication just like on a desktop application; and never provide your login or password via email, text, or phone since legitimate businesses shouldn't verify you that way.
Gregory Michaelidis directs the Security Awareness Lab and is a Cybersecurity Initiative Fellow at New America. Previously he served as a senior public affairs advisor and director of speechwriting at the U.S. Department of Homeland Security.