The rise of mobile commerce, gaming, and even banking, has brought convenience, but it has also opened the door to a flood of phishing attacks. Now, clicking on the wrong link in an email or responding to a phony message on your smartphone or tablet can land you in just as much trouble as it would on your computer.
Phishing is when you are fooled by a seemingly legitimate website, email or message into revealing personal information, such as login credentials, credit card numbers, and banking information.
For instance, you could receive an email from someone posing as your bank, and asking for you to confirm your account numbers or passwords. Or, you could even receive a phony text message or phone call from someone pretending to be a legitimate financial institution or retailer, asking for sensitive information.
Unfortunately, these relatively unsophisticated phishing threats can be quite effective, especially on mobile devices. This may be due to the way that mobile browsers display URLs on limited screen space—since mobile browsers often truncate web addresses, it’s difficult for the user to check if the domain name is legitimate. What’s more, some devices only show part of the sender’s address, making it hard for the recipient to tell if the message is really from someone they know.
Another factor that may make mobile users more vulnerable to phishing attacks is their “always on” nature. Mobile users are more likely to immediately read their email messages and forget to apply their mobile security practices, such as checking to see if an email is from someone they know and if any included links appear real.
Because they are checking their messages almost constantly, they are more likely to encounter phishing attacks within the first few hours of launch, before security filters have a chance to mitigate the threat.
Given the fact that mobile users are particularly vulnerable to phishing attacks, it’s important to take steps to protect yourself. Here are some tips to ensure that you don’t get hooked:
- Always be suspicious when you receive a text message from a company asking for personal information. If you believe the message is legitimate, call the company to verify the text.
- Be suspicious of unknown callers. If someone calls claiming to be from your bank and asking for personal information, call them back using the official number on the back of your credit card.
- Never click on a link in an unsolicited email or SMS message.
- Always double-check the web address of a site when doing a search on your mobile phone.
- Only download legitimate applications from your provider’s official app store, and read other users’ reviews to see if the app is safe before you download it.
- Consider mobile antivirus protection for your phone. For instance, McAfee® Mobile Security includes both antivirus and a web safety features to protect you from malware and phishing sites.
- Register your mobile phone with donotcall.gov. Even though cybercriminals and unscrupulous telemarketers may ignore the list, if you are registered and get a call from a supposed telemarketer that could be a tip that the offer is bogus.
Of course, just using common sense and taking the time to closely check the links and messages you receive will go a long way in increasing your mobile security. Remember, if something doesn’t feel right proceed with caution.