Be honest; no one’s judging you. Have you ever surfed for porn on your mobile device? Downloaded an app from an unfamiliar website? Clicked on a link a friend forwarded to your smartphone? Typed your password while you were in line at the coffee place?
If you answered yes to any of the above, you were asking for trouble. And you probably didn’t realize just how close you came to being another victim of a security breach.
From a security perspective, mobile devices are far riskier than desktops or laptops. And most people frequently — and unknowingly — do things on their mobile devices that make them susceptible to fraud, identity theft, data loss, and all kinds of other nasty things.
Grab the reins and take back control. Here are five tips that will help keep you safe in the mobile online space and empower you to do more on your mobile gizmos, with greater peace of mind.
1. Know where danger lurks
“Malware” or malicious software and viruses have moved to the web—but do you know where you’re most likely to pick up an infection?
Yes, pornography sites are the most hazardous, according to recent research by Blue Coat Security Labs. But in fact mobile users visit porn sites less than one percent of the time. The high-risk places that mobile users visit frequently include:
- Computers/Technology: When you browse computer/technology-related sites you’re at high risk. An example: one of the first offers of an Android version of Skype was actually malware.
- Web advertisements: Cybercriminals have been refining “malvertising” for mobile. Recently, for example, an ad for an Angry Birds download was a malicious app that actually made premium SMS calls and then billed people without their knowledge.
- Entertainment sites: Games and gambling sites are popular destinations for mobile users — and equally popular for purveyors of malware, “phishing” exploits, and phony downloads such as PDFs or browser updates.
- Search engines: As search engines become more widely used in the mobile online space, search engine poisoning (SEP) tactics are becoming increasingly prevalent.
2. Click with care
The mobile webscape is filled with ads, offers, promotions, and weblinks — and there’s no easy way to tell which are legit and which are phony. You can’t even tell by looking at the URL. For example, the Yammer mobile app has a different URL than the web-based version, but both are legitimate.
Many tempting offers even duplicate the look and feel of legitimate sites — but are designed to deliver malicious payloads that steal your personal information. So in general, be careful what you click. If you’re not sure where it goes, don’t go there.
3. Beware of shoulder surfing
When you type your password on a desktop computer or a laptop, usually the characters you type are masked — with asterisks, or dots, or something similar.
But when you type your password using a mobile device, many times the characters are not only visible but highlighted. That’s because mobile screens are small and people want to confirm that they’ve entered the password correctly before they proceed. And that’s why shoulder surfing is an increasingly popular low-tech tactic used by identity thieves.
4. Stick to the app store
The mobile web is loaded with offers of free app downloads. Most are legitimate. But some are not. Some are so-called “drive-by download” exploits that install viruses, spyware, or malware on your mobile device.
How can you tell the difference? For all practical purposes, you can’t. The URL may look suspicious but may actually be legitimate; it may look legitimate and actually be fake. The best policy for apps: avoid downloading from sites that are mobile-only or that are littered with ads. In general, download apps only from trusted app stores. After all, you wouldn’t buy Microsoft Office from a back alley store in the bad part of town.
5. Don’t swallow phish bait
“Phishing” scams try to trick people into surrendering private information by pretending to be a legitimate enterprise. For example, you get an email that looks like it’s from eBay, claiming that your account is about to be suspended unless you click a link and update your credit card information.
As a tactic, phishing is far more productive than spam in the mobile arena. So what can you do to protect yourself?
First, be informed. Banks, credit card companies, the IRS, and other legitimate institutions will never communicate with you and request information that way. If you’re unsure, call them directly.
The same goes for warnings of an impending “computer crash” that will happen if you don’t click, or claims that you’ve won money, or that your password has been compromised. Be skeptical and don’t bite.