by
Szymon Kurnicki
Information Security Unit
When thinking about security, you must not forget about your phone. This is because devices carried by us in our pockets on a daily basis constitute a priceless source of information and a gateway through which someone might reach for our money.
An antivirus program on a desktop or laptop is a norm – one of the first applications that we install. And on the smartphone? Definitely not as often. This is a mistake because phones are slowly becoming more important devices than our computers. The Kaspersky research shows that the number of persons using their smartphones for shopping, payments or online banking increased twofold last year. On the other hand, according to the research conducted by Avast, the number of attacks on smartphone users has also increased significantly – in the second quarter of last year by 40 percent.
Why criminals are interested in your phone
The greatest threat for smartphone users are programs impersonating banking applications. Innocent-looking calculators, notebooks or games downloaded from outside the Google Play store, after they have been installed on the victim’s device, launch a hidden, malicious module which will start to “spy” on our phone.
After such false banking application has been installed, the victim may see a warning on their smartphone screen in which they are asked for example to change their password in online banking or make an urgent payment. The objective as in the case of any phishing is only one: take over the login, password, and force the victim to copy the SMS code. This opens the route for withdrawing literally all money from the account.
There are more threats
Theft with the use of a smartphone may take place in many ways. Malware often takes over text messages sent to us. They are not operating alone – they are combined with a virus which at the same time attacks our computer.
So it may happen that criminals attack us from “two sides" – the virus on the computer forces us to enter our login and password on a false bank page, and the virus on the smartphone will intercept messages sent by the bank. The victim of such attack will not even realize that they are being robbed.
Viruses created especially for smartphones also have other “tasks". They steal the address book, send messages on our behalf, asking e.g. for a loan.
The virus may even lead to a damage to the smartphone, and it may do it in two ways. There is a software the purpose of which is to "kidnap" a smartphone. It becomes the criminals’ “slave”. The user has considerable problems with opening any application. They do not know that in the background malware is opening thousands of pages with advertisements for which criminals collect money. Particularly malicious viruses can hide in the system. In such cases even restoring factory settings on the phone, i.e. full reset, will not remove the virus. It will be necessary to employ a professional service.
Criminals also use smartphones in order to use them to “mine” cryptocurrency. And in this case the victim cannot use the device. The smartphone is the hackers’ “slave” and they use it to conduct specialist cryptographic calculations. In extreme cases, they can cause the battery to overheat and become physically damaged.
Criminals also use smartphones in order to use them to “mine” cryptocurrency. And in this case the victim cannot use the device. The smartphone is the hackers’ “slave” and they use it to conduct specialist cryptographic calculations. In extreme cases, they can cause the battery to overheat and become physically damaged.
The telephone is also an objective of an attack by criminals calling from expensive premium numbers. The crime consists in making a short call. The victim, seeing that someone tried to contact them, calls back the unknown number. And they charge their telephone account with an amount of a dozen or so or even tens of zloty.
How do you defend yourself?
The best thing to do is to be reasonable and refrain from downloading applications from unknown sources. It is also good to approach carefully any items appearing in official stores, e.g. Google Play. This is because every year hundreds of innocent-looking applications appear there which, when installed, download malicious modules. We should pay attention what authorizations we award the application. For example, a calculator should not have any rights to read or send texts. Too many authorizations should always make us vigilant.
Users should not enable downloading of applications “from other sources” – this setting should remain unchanged in the Android system. It is also worth being cautious when using the Internet in open hot-spots. Such places attract criminals who send links to malware.
In 2017, cyber criminals stole USD 172 billion in total, and there were nearly one billion victims worldwide. Considering that 4 out of 7.5 billion people have Internet access, the risk of an effective attack is very high.
Read also:
Why is phishing no. 1 method among cyber-criminals?
The cyberspace may be as dangerous as the real world. Sometimes you simply respond to an e-mail allegedly sent by your bank, and you find yourself in a blind alley. Criminals have a proven tool to back their victims into a corner: phishing. This tool is used ever more often.
Published over 6 years
from Citi Handlowy Magazine
