Your smartphone is a gold mine of information as there is probably an App for every aspect of your life; from trading Apps, to banking Apps to social media Apps and even Apps that control your light bulb. Hackers know that access to your smartphone is equivalent to access to your finances, and yes they are after the money.
However to get to your money, they need to conduct social engineering to get information about you, and so they target your social media and email accounts, which are also on your smart phone.
Today people have internet-connected “smarthomes” where light bulbs, refrigerators, cookers, and garage doors are controlled from a smart phone.
Although this makes life more comfortable, the Apps that control these appliances are not usually secure and are easy to hack. When this happens, information such as your Wi-Fi password can be retrieved and this can grant the hacker access to your smartphone to land and expand.
But why our Smartphones?
The answer is simple. You do almost everything on your smartphone. Even two factor Authentication may involve sending a code back to your smartphone. Hackers are after your smartphone for the various reasons we will be discussing below.
#1. To access your social media account
According to a study carried out by the Federal Trade Commission, people lost $770 million in 2021 to scams that originated from social media.
When a hacker accesses your social media account, they could impersonate you and chat with your friends and followers to solicit monetary favour from them. They could ask your friend to send money and if your friend says he doesn’t have, they give him an account to send the money at a future date.
If you have social media friends who are vendors of products, the hacker could order a lot of product to be delivered to an address with a promise to pay at a later date, thus making you indebted.
These days, Facebook, Instagram and WhatsApp belong to the same parent company. The implication is that once a hacker breaches your smartphone and has your Facebook credentials, they could access your Instagram account by logging in via your Facebook profile.
They could also demand ransom from you before they relinquish control of your social media account(s).
#2. To get access to your Investing/Bank account
Today many phone numbers are connected to mobile money wallets. So if a hacker gets access to your smartphone, he can easily dial a USSD code, reset any PINs, and transfer money out of you mobile wallet.
If a hacker breaches your Banking App, he could set up periodic automated standing order payment instructions to wire money to hacker’s Bank accounts. Automated payments are designed to occur at a future date even if you don’t have money in your account at the moment.
If you don’t check your statement carefully, then you will not know that such a transaction took place.
Also, the popularity of online Trading and investing Apps has also attracted hackers to our smartphones.
According to a report by Safe Forex Brokers, retail traders & investors are increasing becoming targets of attack by hackers to steal your data. There are estimated to be over 100 million active retail investors & traders in the world; and more than 70% of them trade & invest via their smartphones. Many of these users are not fully aware of the best security practices. For example, many users turn off two factor authentication (2FA) for notification to their phone, email, which is important for security alerts and this puts them at risk.
Also, many hackers are targeting servers of retail brokers to get access to user data.
Once the hacker gets access to your investing or trading App, they could sell your shares and cash out to other bank accounts via wire transfer if your broker does not have security policies in place.
Also, some hackers can create fake websites that look like the website of your bank or brokerage, and they gain access to your account details once you enter your credentials. And these hackers could also sell your credentials to scammers.
#3. To get access to credit card information
We use our phones for a lot of online shopping on sites like Amazon, Alibaba, Jumia, etc. These sites store our credit card information.
A hacker could easily go to a popular Bar or train station and create a free Wi-Fi carrying the name of the public place like the train station. Unsuspecting individuals might take the bait and connect to the “free Wi-Fi’ and begin buying things from online stores.
The hacker is then able to see all their credit card information, and could sell them in the black-market. The hacker could also choose to buy items online and have them delivered to him or buy cryptocurrency.
#4. Social engineering works better on smartphones
Studies have shown that 6.64 billion people have smartphones and this is about 83.72% of the world’s population. Studies also show that they are over 10.57 billion mobile connections worldwide and this even exceeds the human population of about 7.93 billion.
Most people cannot remember when last they used a desktop computer to access their investment app, bank account, to check their emails, or to access social media. Using a smartphone is so much easier and convenient.
Some social engineering techniques are easier carried out on a smartphone user. Some of these techniques include:
- Phishing- This involves sending out emails containing malware with the hope that the recipient will act on it. The hacker could create an email address that looks similar to that of your spouse, your colleague, or that from your office. For example, instead of minttea[at]gmail.com the hacker could use mintea[at]gmail.com. This spelling difference can go unnoticed because of the limited screen size of your smartphone.
- Vphishing (or voice phishing) – This involves using advanced algorithm to create a deep fake of someone’s voice. Deep fakes were invented to translate movies to other languages but have been abused by hackers. They could fake the voice of your spouse and ask you to transfer money to an account. This will not be possible if you don’t have a smartphone to receive the call.
#5. To access your Company Information
You may have your company email installed on your smartphone. This makes work easy as you carry your office with you. Hackers know this and will try to hack your smartphone to get access to your official email and documents.
Once they gain access to your company email, they could solicit for wire transfers to be made to hacker controlled accounts. They could also steal company secrets and sell them to competitors or use them to solicit ransom payment.
Signs your Smartphone may have been hacked
- Some Apps slow down and begin to lag
- Your battery runs down faster than it used to
- Your smartphone’s general speed decreases
- Your phone gets warm when not in use
- Your smartphone restarts on its own
- New apps you didn’t install appear in your phone
- Your phone dials numbers on its own
- Strange phone numbers appear in your call log and your call units are used up
- Strange text messages appear in your sent items and inbox
- Strange emails appear in your outbox when you didn’t send them
- Inability to turn your device off
- Your phone opens Apps on its own
- Your voice echoes during a call or you hear strange noises
- Your mobile data finishes faster
- Increased Adware and popups appear on your phone
- When you send emails they end up in the recipients spam folder
Ways to protect yourself
Install an Anti-virus software
Antivirus & Anti Malware programs scan email attachments, and scan all the Apps installed in your smartphone periodically to make sure there is no Trojan app or virus.
The antivirus program should be updated regularly, and when it warns you about an App, do take the warning seriously.
Limit the personal information you share on social media
When hackers are trying to breach your security, most Apps will ask for password retrieval questions. Some common questions border on the name of your spouse, parents, where you got your first job, etc.
All this information may be found on your Facebook or LinkedIn profile. It is a great idea to tinker with the privacy settings on your social media accounts to limit information the public can see.
Delete any App that seems suspicious
Check your phone periodically to see how much data each App is consuming. If you use Instagram a lot, it is understandable if it consumes a lot of data.
However if you notice than an App you rarely use is consuming a lot of data, delete it. It might contain malware.
Don’t click on suspicious links
If you get a message with a link and the URL is not clear, don’t click on it. You could also use your mouse to hover over the link and the URL will pop up. If the URL doesn’t match what the link is about, don’t open it.
Don’t ask an App to remember your password
When we log onto Apps and websites some of them give us an option to remember our passwords. It is not safe to have your password stored because hackers can retrieve it by running complex algorithms.
If you leave your phone unlocked, someone could easily pick it up and use the remember password function to gain access to an App.
Disable automatic connection to unknown Wi-Fi networks
On your smartphone it’s safer to choose the option which lets you manually log on to Wi-Fi networks. Hackers could spoof a Wi-Fi network and when your smartphone automatically connects to it, they can see all your data including your phone number, email address, IP address, credit card number etc.
It’s also a good idea to avoid Wi-Fi that are not password protected and that have the word “free” included in their name.
Update your Browser
Security bugs in browsers that are old can be exploited for scams. Browsers release their latest versions from time to time to keep up with any bugs & security vulnerabilities. You should set your browser to auto-update.
They are never going to stop
It is unlikely that hackers will wake up one day and turn a new leaf. You need to be a step ahead of them by being cautious and thinking before you click on any link. Always password lock your smartphone so nobody can install spyware on it when you’re away.
When installing an App only grant it necessary permissions. Also don’t participate in social media challenges as some of them are started by hackers.
Example a social media challenge about posting your old and young pictures could be used for social engineering or identity theft. While you use your smartphone always remember that you may not be alone.