Mobile security is never a given. Period. There are so many ways in which a bad actor can get at the data you transmit from your smartphone or have you clicking on malicious links. Software development companies do everything they can to prevent such things from happening. But no matter how hard a developer tries, a portion of the responsibility does rest on the shoulders of the user. No matter how secure a program is, that security can easily be compromised when used poorly.
Such is the case with phishing scams.
What Is a Phishing Scam
A phishing scam is any fraudulent attempt at getting a user to hand over sensitive data. That data can be a social security number, bank account or credit card information, passwords, usernames, and more. Once that information is in the wrong hands, your identity can be stolen, your bank accounts drained, and much more.
Phishing is an extension of social engineering, which is a hacking technique to deceive users. A good example of this is when you get those calls, claiming to be from the IRS, insisting bad things will happen to you if you don’t pay your back taxes. Thing is, the IRS never attempts to contact you through the phone. If the IRS wants to reach out to you it will be done via the USPS.
However, there are bad actors out there who know people will fall prey to such claims and will, in turn, convince those people to hand over sensitive information. This is one of the many reasons why the outsourcing of software development has risen in popularity (especially with smaller companies, who don’t have the resources to always be on top of the latest phishing trends).
There are a few types of phishing scams, including:
- Spear phishing is an attempt directed at specific individuals or companies.
- Whaling is a spear phishing attack directed at senior executives and other high-profile targets.
- Clone phishing is when a legitimate email (containing an attachment or link) has been delivered and is cloned. The cloned email has the legitimate links replaced with malicious addresses, and the email is resent to the same recipient.
- Smishing is a phishing scam perpetrated via SMS messaging.
- Vishing is a voice-mail phishing scam.
But what can you do to avoid these traps? Let’s take a look at a few possibilities.
Let’s first discuss how to avoid SMS phishing scams, as they are generally the most prevalent and fairly easy to spot. There are certain clues that can indicate a text is a possible phishing scam. Those clues include:
- Receiving texts from people not in your contacts.
- Texts with misspellings.
- An offer that is too good to be true.
- Request for personal information.
- Links in texts that you don’t recognize or haven’t requested.
- Suspicious contact numbers.
- An attempt to get you to act quickly.
- Contact names that, at first, seem legitimate, but are not.
- A message that comes out of the blue.
- A message that comes with a shortened link.
- The message doesn’t address you by name.
If you find any of the above in your SMS inbox, your best bet is to simply delete them. You could also turn to your software development providers for help with how to keep those texts from arriving in the first place. If you don’t currently have a provider, now might be the time to consider software development outsourcing.
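Several of the clues listed above can be checked mechanically. The following is an added example, not code from the original article: the keyword lists, shortener hosts, phone numbers, and the names `sms_clues` and `triage` are assumptions made for illustration, and clues such as misspellings or lookalike contact names are left to the reader's judgment.

```python
import re

# Word lists and shortener hosts are illustrative assumptions, not a complete set.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
URGENT = re.compile(r"\b(urgent|immediately|act now|within \d+ hours|final notice)\b", re.I)
PERSONAL = re.compile(r"\b(password|pin|social security|card number|account number)\b", re.I)
TOO_GOOD = re.compile(r"\b(you have won|you've won|free gift|prize|reward)\b", re.I)
LINK = re.compile(r"\b(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

# Constructed sample inbox: (sender, body). Numbers and names are made up.
CONTACTS = {"+15550100", "Dana"}
INBOX = [
    ("+15550199", "URGENT: your account is locked. Confirm your card number at bit.ly/3xAmpl3 within 24 hours"),
    ("Dana", "Alex, running ten minutes late, see you at the cafe"),
    ("+15550142", "You have won a free gift! Claim your prize today"),
]

def sms_clues(sender, body, contacts, first_name):
    """Return which of the article's warning signs a single text shows."""
    clues = []
    hosts = [m.group(1).lower() for m in LINK.finditer(body)]
    if sender not in contacts:
        clues.append("sender not in contacts")
    if hosts:
        clues.append("contains link")
    if any(h in SHORTENERS for h in hosts):
        clues.append("shortened link")
    if URGENT.search(body):
        clues.append("pressure to act quickly")
    if PERSONAL.search(body):
        clues.append("asks for personal information")
    if TOO_GOOD.search(body):
        clues.append("too good to be true")
    if not re.search(rf"\b{re.escape(first_name)}\b", body, re.I):
        clues.append("not addressed by name")
    return clues

def triage(inbox, contacts, first_name):
    """Pair every sender with the clues found in their message."""
    return [(sender, sms_clues(sender, body, contacts, first_name)) for sender, body in inbox]
```

Calling `triage(INBOX, CONTACTS, "Alex")` returns an empty clue list for the message from the known contact and several clues for each of the other two.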
Email can get a bit tricky, depending on the email client you use. But as for links found in your email inbox, there is something you should always do (this trick holds true for desktop email clients as well). Say, for example, you open a message in the Gmail app and there’s a clickable link. Instead of tapping that link, long press it and then, when prompted, tap Copy Link (Figure A).
Figure A: Copying a hyperlink with the official Google Gmail app.
With that link copied, open up a note-taking tool (such as Google Keep) and paste the link in a new document. Once you can see the actual link, you can decide if the link embedded in the email is legitimate or a scam. If the link doesn’t match up with what is described in the email, chances are it’s a scam and you should simply delete the email.
As for website scams, the first rule of thumb is to not visit sites that are not commonly accepted as safe. Outside of that, avoiding phishing scams in your mobile browser should be handled in the same fashion you do in your email client. Copy/paste suspect URLs before you visit them. Why? Because most mobile web browsers do not have reliable anti-phishing tools built in.
The reason is that phishing scams come in so many varieties that they are very difficult to predict. This is also why avoiding such scams relies heavily on the user to work wisely with mobile devices.
Avoiding voicemail scams is simple: if someone leaves a message claiming to be from a legitimate company requesting personal information, do not call them back. Instead, look up the official number for the company and ask if someone within the company left a message for you. This will require you to take down the name of the person who left the message. If that person does exist within the company, you can then ask to be transferred to their voicemail, where you can return the favor and leave them a message.
As a rule of thumb, never trust any voicemail requesting personal information.
For those that don’t trust themselves to always be alert to these types of scams, you might want to consider installing a security app. One of the more reliable options is Avast Antivirus. This particular app does an admirable job against phishing attacks generated from emails, phone calls, infected websites, and SMS messages.
But, again, do not rely solely on a security app. If you aren’t vigilant, it’s not a matter of if, but when you will fall victim to a phishing scam.