Online & smartphone security

Cell phone vs Smartphone

Cell phone vs Smartphone

By Catherine Haug, December 21, 2015 (Image, right, from tekhandy.com)

I’ve been collecting information on protecting yourself online and on your smartphone, which I share here. The more we get involved in the cyber world, the more vulnerable we are to cyber attacks.

Includes: 1. Security for smartphones and cell/mobile phones; 2. Tips for protecting all your mobile devices; 3. Tips for secure Online and Mobile Banking from your Smartphone (and other mobile devices); 4. Tips for making safe online purchases on your mobile device; 5. Bogus malware warnings on your computer screen; See also: Online & Smartphone Security: Fraudulent emails

Smartphones and cell/mobile phones

Before getting into smartphone security, what is the difference between an ordinary cell phone and a smartphone?

The image, above right, illustrates the difference in how they look. But the difference is much deeper than that. (1, 2)

  • Cell or mobile phones’ primary function is to place and receive phone calls by connecting to a wireless communications network through radio waves or satellite transmissions. With most you can send/receive text, picture and video messaging.  With some cell phones you can view websites and send/receive emails. Most (but not all) have a keyboard.
  • Smartphones integrate mobile phone capabilities with the more common features of a handheld computer. They are like a mini computer/tablet with a touch-pad that can also place and receive phone calls. A keyboard is a basic requirement.

Technically, the difference is that smartphones have a mobile operating system (such as Windows MobileiPhone OS, and Google’s Android, and others); cell/mobile phones do not. (1)

Smartphone Security

The following is from the February 2015 issue of Rural Montana magazine, on Smartphone Security, by Ryan G. Hall (3).

Just like a computer is vulnerable to electronic viruses (malware) or hackers, so also are smartphones. In fact, some malware is designed specifically for smartphones. But there are ways to avoid being a victim.

The most important thing is to know what kind of threats exist so you can be prepared. Most attempt to steal your data and/or identity; others assume control over your phone (or computer) to take part in a cyber-attack. These can be either targeted or opportunistic; the latter is the most common. In this case, a hacker infects a website or sends out an infected link for email or text message. They can record what you type, and/or record audio or video at any time without your knowledge.

How do you get malware on your device?

  • By visiting an infected site (such as clicking on a link in an email/text or from a web-search, when that link unknowingly goes to an infected site);
  • By unknowingly downloading the virus;
  • By a hacker placing the virus on your hard drive.

For example, the following sequence:

  • You get an email informing you that something suspicious occurred with your bank account and you need to click the link to visit the bank’s website and verify your account details.
  • So you click on the provided link. It provides a page that looks just like your bank’s online site.
  • But instead of asking for the usual security questions (such as name of your first pet, or your favorite teacher in grade school), it asks for things the bank should already know: your full name, credit card number associated with the account, expiration date of that card, and your social security number. This is an example of a phishing email (phishing for your personal and banking information).
  • DO NOT ANSWER THOSE QUESTIONS!! If you do, you’ve just given the hacker your valuable personal information. You’ve given the hacker control of your bank account (and possibly control of your smartphone, too).
  • WHAT YOU SHOULD DO INSTEAD: STOP!
  • If possible, take your smartphone (or other device) to the bank to show them the suspicious window.
  • If that is not possible, call them and explain what you see and why you are concerned.

Tips for protecting all your mobile devices (smartphone, tablets, etc.)

The following is  from the Rural Montana, Smartphone Security article (3), with Cat’s notes in brackets [xxx]. Many of these recommendations also apply to your home computer or laptop.

  1. Always use a screen lock code [like PIN] – either a number key or a pattern, not just a swipe. This will prevent someone from accessing your data if they get a hold of your phone.
  2. Encrypt the data on your device. This option, which is  usually found under “settings > ‘security tab’,” makes it so someone can’t just plug your phone into a computer and view your data. It’s quick and easy – just a click of a button.
  3. Don’t run Bluetooth in the “discoverable” mode. On the newest Apple devices, such as iPhones, this option is automatically disabled unless you are actively pairing a device. for Android phones, there is a box under ‘Bluetooth settings,’ labeled “discoverable mode,” that you will want to make sure is un-checked.
  4. Use a mobile antivirus program. [Ask your phone or computer support person for recommendation.]
  5. Always download apps only from the official app store for your device; do to click on links for downloads [as it may download malware rather than the app you thought you were getting].
  6. Delete from your device, all Wi-Fi network connections that are not your home network. If you visit a fast-food restaurant or a hotels and connect to their free Wi-Fi, a hacker could name their wireless network the same as that establishment and your phone would automatically connect to it, allowing the hacker to view your data. [Instead, make note of the connection info for Wi-Fi networks you commonly use elsewhere, such as a notebook you carry with you, and connect when you want to use it. If you don’t know how to do this, ask your phone or computer support person. Remember to delete the connection from your device when you are finished.]

Tips for secure Online and Mobile Banking from your Smartphone (and other mobile devices)

The following references are from Tiger Mobile’s article on Smartphone Security Guidance (8):

  • Online andMobile Banking Security Tips (9) covers the best security practices for modern smartphones and mobile devices. It also includes tips on staying safe while shopping and general cyber and network security advice.
  • Tom’s Guide Mobile Banking: 8 Tips To Protect Yourself (10) lists important ways you can protect your device so that your mobile banking experience is safer.
  • Mission Federal Credit Union’s guide: Safe Mobile Banking Practices (11) covers how to set up a strong password, guidance on jailbreaking your phone, downloading apps safely, using security software, and more.

Tips for making safe online purchases on your mobile device

The following tips are from Tiger Mobile’s article on Smartphone Security Guidance (8), with Cat’s notes added in brackets [ ]:

Tips:

  • Use familiar websites (Amazon, iHerb, etc.);
  • Look for SSl locks in the browser bar: [check the url for the page where you enter your credit card number (or to use services like Paypal) begins with ‘https:” rather than “http:”)];
  • Check your next statement for discrepancies between what you thought you spent and what you actually spent, [and for charges you did not authorize].

Other references:

The following are from Tiger Mobile’s article on Smartphone Security Guidance (8)

  • Business Insurance Quote’s online guide, 10 Ways To Stay Safe When Shopping Online (12), shows you how to shop online without risking your personal financial information.
  • iolo’s 9 Tips For Safe Online Shopping (13) helps protect you from identity theft, outlining a basic strategy for locking down your mobile devices, installing anti-malware apps, and how and when to share personal payment information with others.

Bogus malware warnings on your computer

These warnings will appear suddenly, and it can be very scary. How do they happen?

Most likely you did a search using your browser (such as google, etc.), then clicked on one of the search results. This may set the malware in motion. Or there may be a link on the page that comes up, purportedly to redirect you, but in fact sets the malware in motion.

Suddenly you get a warning on your screen; these warnings can appear in at least two ways:

  • Appear as a popup window in the middle of your screen, with a message and  a telephone number to call for help;
  • By taking over your screen with a message and a phone number to call for help.

The message may tell you:

  • You have a major security issue;
  • Your screen has been locked;
  • You will be detained or will face criminal procedures if you refuse to pay a fine (one example of this purports to be from the FBI (showing an fbi.gov bogus url)

DO NOT CALL THE PHONE NUMBER ON THE MESSAGE! even if it purports to be a ‘help’ number, or a support number. If you do call it, you will speak to a person who says he/she can help you resolve your issue, but in the end that person just wants your money or credit card information – or worse.

The ‘help’ person might ask for your permission to access your computer. DO NOT GIVE PERMISSION TO ACCESS YOUR COMPUTER, as it will just make matters worse. (Note, however, if you call the real support service – not the one in the fraudulent email – you may give the tech permission to access your computer. However, it’s best if the ‘access’ is ‘read and point’ only, meaning the tech cannot alter anything on your computer and cannot type any text or click any links. Instead the tech can use an on-screen pointer to indicate where you should click or enter information.)

Even if your screen is locked and you cannot unlock it, do not call the phone number. Instead, call your trusted local computer support person, someone you have worked with before.

If you have called the number on your screen, and allowed the person remote access to your computer, that person likely has compromised your hard drive. Hopefully you have a recent backup saved. But in any event, you trusted local computer support person can help you.

If you don’t already have an anti-virus/anti-malware program installed on your hard drive, ask your trusted support person for a recommendation and have it installed.

Reporting Online Crime:

If you have been a victim of online crime, you should report it to the FBI: Internet Online Crime  Complaint (IC3) Center (5). Every report will help them track down the criminals.

If the crime involves email, see Fraudulent emails (moved to a separate post). You will need the complete email header, which is described in that posting.

Fraudulent emails

These can be received on  your desktop or laptop computer as well as mobile devices. This section has been moved to its own posting: Online & Smartphone Security: Fraudulent emails

References:

  1. cellphones.about.com/od/coveringthebasics/qt/cellphonesvssmartphones.htm
  2. webopedia.com/DidYouKnow/Hardware_Software/smartphone_cellphone_pda.asp
  3. Rural Montana, February 2015 issue, “Smartphone Security; Tips & Tricks to Hep Keep your Data Safe on Mobile Devices” by Ryan G. Hall; online at online.fliphtml5.com/oztl/mitw/#p=9
  4. FBI: email scams: fbi.gov/scams-safety/e-scams
  5. FBI: reporting online crime or email hoaxes: ic3.gov/default.aspx
  6. US CERT (Computer Emergency Readiness Team) pdf on email scams:  us-cert.gov/sites/default/files/publications/emailscams_0905.pdf
  7. Wikipedia on email fraud: en.wikipedia.org/wiki/Email_fraud
  8. TigerMobile: Smartphone Security Guidance (tigermobiles.com/2015/12/smartphone-security-guidance
  9. Online andMobile Banking Security Tips (financialfraudaction.org.uk/Consumer-fraud-prevention-advice-remote-banking.asp)
  10. Tom’s Guide Mobile Banking: 8 Tips To Protect Yourself (tomsguide.com/us/mobile-banking-protect-yourself,news-18874.html)
  11. Mission Federal Credit Union (San Diego, CA) guide for Safe Mobile Banking Practices (missionfed.com/files/Safe_Mobile_Banking_Practices-11_13.pdf)
  12. Business Insurance Quote’s online guide, 10 Ways To Stay Safe When Shopping Online (businessinsurance.org/10-ways-to-stay-safe-when-shopping-online)
  13. iolo’s 9 Tips For Safe Online Shopping (iolo.com/resources/articles/9-tips-for-safe-online-shopping)

Comments are closed.