We use our mobiles for everything, from arranging dinner dates to replying to work emails to ordering flowers and even catching up on our favourite missed TV programmes from across the Atlantic. With a mobile generation comes a newer and more sophisticated way of luring us into entering our details and falling victim to cyber scammers. With close to 5 billion mobile users across the globe, that’s a big pond of potential targets; a ‘phisherman’s’ dream.
How do you define phishing? Symantec defines it as “an attempt to illegally gather personal and financial information by sending a message that appears to be from a well-known and trusted company”. It’s usually characterised by a link to a fake webpage that looks legitimate and asks you to log on and enter your details. These details are then sent to the phisher, and the user is redirected to the legitimate site so that the theft escapes detection.
If you consider all the personal information you store on your mobile phone, you start to realise that if a hacker were to gain access to it, they could become you and use it to carry out transactions without your knowledge. If this were a phone that you use for work, it could give them access to valuable business data and customer information.
Here’s how to ensure your colleagues aren’t baited into sharing sensitive data or having it stolen from their mobile device. Here are five types of phish that could leave you in deep water!
The Phish in disguise
The main goal is to fool the recipient into revealing confidential information by impersonating a legitimate company or person. For example, an email that appears to come from Apple or PayPal may look legitimate at a cursory glance, but when you look closely at the email address, it’s clearly a phish in disguise. Often, the subject might be a high-value transaction that’s been brought to your attention, prompting you to act quickly, but beware of spelling and grammatical errors. Always be wary of emails which don’t address you personally, use threatening language, contain spelling errors or ask you for personal information. Always think before clicking a link…
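The "look closely at the email address" check, written out as an added example that is not part of the original post: it compares the brand a From header claims with the domain that actually sent the message. The brand-to-domain allowlist and the sample headers are constructed assumptions for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that brand really sends from.
# Illustrative only; a mail gateway would maintain its own list.
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "paypal": {"paypal.com"},
}

def sender_domain(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from_header(from_header):
    """Return the reasons a From header looks like brand impersonation."""
    display, address = parseaddr(from_header)
    domain = sender_domain(address)
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        legit = domain_matches(domain, allowed)
        if brand in display.lower() and not legit:
            # Display name says "PayPal" but the mail comes from elsewhere.
            reasons.append(f"display name claims {brand}, sent from {domain}")
        elif brand in domain and not legit:
            # Brand name buried in an unrelated domain (apple.com.evil.example).
            reasons.append(f"{domain} contains '{brand}' but is not its domain")
    return reasons

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"Apple Support" <no-reply@email.apple.com>',
    '"PayPal Service" <service@paypal-secure-billing.example>',
    'billing@apple.com.account-verify.example',
    '"Jo Bloggs" <jo@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict = check_from_header(header) or ["no brand mismatch"]
        print(f"{header}\n    -> {'; '.join(verdict)}")
```

A check like this only covers brands on the list and exact spellings; lookalike spellings of a brand name still need a human to look closely.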
The phish with a spear
A phish armed with a spear has caused some of the biggest cyber attacks in recent history. A spear phishing attack is targeted at a particular person or company, and the fraudsters will do their research. They’ll put time into creating an email that looks completely legitimate and will gather their intelligence by using company websites and social media to build their own phishing profile.
On receiving personalised emails, the target is lulled into a false sense of security and may end up clicking on a link that will download malware, or request that they log in to another website. The best form of defence against spear phishing? Educate your staff to remain vigilant and where necessary, double-check with your IT department or Managed Service Provider before taking any action on a suspect-looking email.
The socially-aware phish
The steady rise in popularity of social media has also seen an increase in the levels of social media phishing scams where attackers exploit our reliance on sites like Facebook, LinkedIn and Twitter to trick us into revealing personal information. Think about how many of your favourite online retailers use your Facebook login details…
Some of us might share a lot about our lives on our social media platforms, and this allows an attacker to build a comprehensive picture of us to target with a phishing attack. Phishers have also been known to use links in messages on Facebook to redirect us to fake sites pretending to be legitimate ones. Think about your privacy and also your privacy settings, steering clear of suspicious links, and not accepting friend requests from people you don’t know. Also, consider carefully before sharing any personal information on the web – do you really need a web-based algorithm to ‘wish’ you happy birthday?
The malware-based phish
Malware-based phishing scams are the best way to target the most people at once in a large-scale attack. They involve sending an email with an attachment or downloadable file which, when opened, infects your computer with a virus, ransomware or other programmes that will access your data. This was what happened when WannaCry successfully attacked over 200,000 victims in over 150 countries. Never click a link or open an attachment if you don’t recognise the sender.
The file-sharing phish
The appeal of sending large files via Google Docs and Dropbox has also made them an attractive way of targeting users with phishing scams. Many businesses (maybe even yours) use these sites to transfer large files to clients. Back in 2017, Google Docs was the victim of a large-scale phishing expedition with around 1 million users having their personal details stolen after clicking a link.
The link led users to a fake Google page hosted by Google’s servers, but on entering their password, they were redirected to a third-party site. If in doubt about a website link or attachment, hang back and ask for a second opinion. You might also consider whether two-factor authentication might be a worthwhile extra layer of defence to protect your online accounts.
One of the best ways for your employees to safeguard their data and to protect your business’ valuable data is to be wary of a phisher’s work when you see it. It’s also down to managing the apps that your mobile workforce can access on their mobile devices, implementing an effective Enterprise Mobile Management strategy and using secure file transfer services.
The post Gone phishing – Why Android and iPhone users are susceptible to cyber phishing scams appeared first on Intercity Technology.