Smartphone Scams

In brief

Our society has more smartphones than computers. This is not surprising, as these small devices are themselves super-powerful computers that connect us with our colleagues, work partners and family. We avail of benefits such as a constant Internet connection, GPS, email and messaging services and useful applications. It’s been a long time since our mobile phone was nothing more than a simple means of communication – it is now a work tool that holds a lot of sensitive data and has become a prime target for fraudsters.

The best known smartphone risks can be assigned to two categories:

  1. Data loss
  2. Loss of money

The cases described below result in the loss of either data or money.

1. Result = loss of data

Fraudsters seek data such as personal information, business data, contact information, photos, login information and passwords, and enormous damage can result if they get their hands on it.

Theft / loss of unsecured data

If you lose your phone or it is stolen, and you have not secured the data it holds, all of that data will be available to whoever finds or steals the phone.

Make regular backups of your data. Encrypt all sensitive data on your smartphone and set up a screen lock. In this way, you gain a little time and can lock your device remotely or delete its content before an unauthorised person can access it.

Lack of precautions during archiving

Do you leave documents on a server or on the cloud? By using data encryption and strong passwords, you can prevent them from falling into the wrong hands.

Failure to clean before disposal

When you get rid of your telephone, you must first delete all the data it holds. Even when the “Restore Factory Settings” function is used, there is a residual risk that data can be retrieved. It is therefore advisable to encrypt all data before deletion. For even better protection, irrelevant data can be entered on the device after deletion of the encrypted data, followed by a second restore to factory settings.

Applications that access sensitive data

Special attention should be paid to data accessed by free applications. Ask yourself whether access to the data is justified by the benefits that the application provides.

“Network Spoofing” (infected WiFi)

A malicious person can create a WiFi or GSM hotspot that resembles a legitimate network to entice unsuspecting users to connect their device. Data moving between the access point and user smartphones can then be intercepted. The data will then be used for targeted attacks, such as phishing attacks. In general, sites requiring identification (login) or asking users to enter personal data without offering communication encryption (https) should be avoided.

Disable automatic network connection, and turn off your WiFi connection when you are not using it. In restaurants, hotels, cafés, etc., ask whether a WiFi connection exists and, if so, what its name is and whether a password is needed. Only secure WiFi networks using strong passwords that change regularly are relatively safe.

Spyware and malware attacks

Smartphones are not immune to malware! For example, an attacker can steal login data or credit card numbers by sending smartphone users infected apps or malicious attachments in messages which, at first glance, are not recognisable as such. If spyware has been downloaded to your smartphone, it can read or even change most of your data.

QR-Codes that lead to infected sites

Particular caution is required with QR codes that have been added to their medium after the fact. Only scan QR codes from a trusted source.

Good practice
  • Make regular backups
  • Encrypt sensitive data
  • Use encrypted cloud services and a strong password
  • Protect smartphones by locking their screens
  • Use a monitoring program for theft protection
  • Avoid applications that require unjustified access to private data
  • Do not send sensitive data over a public or weakly secured WiFi network
  • Disable automatic WiFi connection
  • Do not open files sent to you without thinking, even if they come from a known sender
  • Do not be fooled by social engineering

2. Result = loss of money

Ever since mobile phones arrived in our society, there have been methods on the edge of legality that make it possible to pick users’ pockets. These methods are now increasingly professional and malicious.

Subscription traps, premium SMS, premium-rate numbers

Expensive subscription contracts are so easy to enter into before you even realise what you’ve done… One example is when users take advantage of website offers to pay by mobile phone. Their phone number is entered online, they receive a confirmation message a few moments later and then they access the purchased content. Premium SMS are another way to get content (for example, news, mobile games, participation in competitions). These messages can cost up to 5 euros each, excluding the operator’s sending costs. Calling a five-digit premium phone number may be more expensive than you think. It is therefore better to read subscriptions and terms and conditions carefully when ordering by SMS or call, and don’t forget the small print …

You can normally terminate an unwanted subscription by sending the text “STOP” to the sending number.

Apps that send expensive SMS in the background

Unfortunately, these fraudulent applications are becoming more and more common. They entice you with free offers and then, in the background, send SMS that are as expensive as they are invisible, or dial premium-rate numbers. You only notice the trap when you receive your monthly bill.

Call-back trap

The call-back trap is a scam that is gradually resurfacing. Someone calls from an unknown number (usually with a foreign code), but the phone only rings very briefly. If you call back, it will cost you a lot because it is a premium rate number. Your money goes directly to the fraudster’s account.  

Good practice
  • Read contracts carefully
  • Do not download apps from non-official platforms
  • Read user reviews before installing an app  
  • Check additional charges on monthly bills
