With 88% of all UK adults owning a smartphone in 2022, the appeal of smartphones as a target for Cyber Attackers is huge.
As the vast majority of the adult population own and use a smartphone this subsequently means that the services accessible via these devices are increasing daily. This makes it the ideal target for Cyber attackers due to the range of services, technologies and people available to exploit.
These attacks occasionally occur through technical vulnerabilities in the smartphone, where Cyber attackers will find a weakness in the security of an application or the operating system and take advantage of it. They can then use this to perform harm, such as leak data, use your device as part of a botnet or use your data to commit identity theft.
This type of attack requires large amounts of knowledge and technical resource to commit, making it less common than simpler attacks. The best prevention method from this attack method is to ensure that your device is always running the latest system software and all apps installed to your device are updated to the latest version. The next best prevention is to make sure that apps you download are only downloaded from trusted developers and sources. This means that you would download an app with lots of reviews by a well-known software vendor company and only from a trusted app store.
Attacks through technical vulnerabilities are often harder to prevent from an individual level. However, the most common type of attack is caused entirely by actions you as the user perform.
Connecting to public Wi-Fi can cause huge security problems for individuals, as the network may be set up to spy on the individual that connects to it. This is done through man in the middle attacks.
These attacks are essentially where a third party sits in the middle of an attack and eavesdrops on the data transmitted over the network. These attacks are for monitoring and do not modify the data so the people on either side of the attack are often unaware. However, the attacker has the power to modify the data should they wish to. This is easily preventable, by not connecting to public Wi-Fi networks.
Other common mobile attacks are performed through social engineering. Social engineering is the use of deception or manipulation to get an individual to perform an action. Most commonly this is to get an individual to give confidential information.
These attacks commonly occur through targeted messages via popups, advertisements or phishing attacks. These attacks are easier to execute, as they require fewer resources and skills however, they are often easy to identify and prevent against.
Phishing attacks are targeted messages sent via email, social media or SMS messages to an individual that require them to perform an action that gives the attacker data. This could be something simple, like reply to a message or call a number as shown in the screenshot below.
This message, whilst incredibly simple, is effective. This is because it is specifically targeted at mothers, many of whom would receive this and worry about their child, subsequently causing them to reply. The attacker could then deceive the victim into sending money to their bank account or providing personal information.
Another example of a phishing attack warns an individual that their Apple pay has been suspended due to unusual activity.
Apple Pay is a service for iPhone users (Google Pay being the Android equivalent) that allows individuals to use their devices as a contactless payment method.
As the message warns of unusual activity, this could suggest to the individual there account has been used and their money will have been spent. Many will click the link in the message to further investigate. The standard practice for these messages is the link will take the individual to a login page, which is a clone of the genuine page, in order to steal credentials.
However, it is noticeable that the link does not look like a genuine Apple link in this message, making it easy to identify as suspicious.
Both of these messages share two common characteristics of phishing attacks delivered via SMS, which is also known as Smishing. These include a sense of urgency and coming from an unrecognised mobile number.
The sense of urgency is a common characteristic among phishing attacks as it compels the recipient to respond.
The unrecognised number is common because the attackers are using whatever tools they have available, not the genuine source of a legitimate message.
Staying Cyber Wise online is critical, regardless of the device you use to access the internet. We provide expert training and simulations to keep your team secure for both their business and personal lives. Click here to learn more.