The rise of the mobile phone as an internet connected device – and a burgeoning shopping channel – means that it too is now an extra channel through which online fraud can be perpetrated.
Since it connects to the web it is prone to many of the same problems as ‘traditional’ online channels, however, through its app ecosystem, its ability to make calls, its nascent payment abilities and its mobility, it is also prone to many others.
Read On:
Types of digital fraud
Fraud and the law
What is fraud?
And this is a growing challenge for any business. All the types of fraud that are perpetrated through online channels, can also be found on mobile, plus a load more – and as a small business you can be victim of these or see your customers being victimized by them.
Of course most of the ways fraudsters can get to your device do have many layers of security – and mobile phones, with their SIM cards – are actually much more secure than PCs.
However, you have to assume that as fast as the good guys develop better security, the fraudsters are often one step ahead and soon they have overcome it. So below we outline what can happen if the security is breached.
Rogue apps
Apps are proving to be a great way for criminals to infiltrate mobile phones. The lure of free apps often sees unwitting consumers, business owners and staff popping a nice bit of malware onto their phone and giving away a load of personal information.
These malicious apps can do many things, says Samantha Swift, Online Security Expert at McAfee. Many ask for personal information in return for the free app, which can then be used directly by criminals.
Alternatively, many rogue apps now feature technology that will connect the phone to a premium rate number (owned by the fraudster) and connect to it and stay connected to it without the user knowing.
This racks up a massive bill and the fraudster disappears with the money, leaving the user to deal with the operator.
Other rogue apps malware can redirect calls, again allowing the fraudster to gain personal data and/or call charges.
One way to avoid being caught out this way is to download apps from reputable apps stores such as Apple’s App Store and Google Play. Even then, read the reviews and if necessary google the name of the app and its supposed developer to make sure its on the level.
SMS and MMS scams
While apps are proving a new and exciting way for fraudsters to deliver malware to mobile phones, the use of good old fashioned text (SMS) and picture messaging (MMS) is a much more established threat.
Again, these technologies can deliver rogue software that can steal personal information, hijack calls and secretly dial out to premium rate numbers, as outlined above with Rogue Apps.
However, these ‘old school’ delivery technologies are also widely used to perpetrate much more prosaic frauds.
SMS and MMS are both used to deliver phishing (or Smishing as it is called on mobile) message that are designed to con the user into replying and divulging personal information that the fraudster can then use.
A typical Smishing scam informs the victim through a SMS message that his/her bank account was compromised or his/her ATM card was deactivated.
The victim is directed to call a phone number or visit a spoofed website to reactivate the card. Once at the website or through an automated phone system, the victim is asked to provide his/her card, PIN and /or account numbers.
So, don’t respond to text messages that request personal or financial information and verify the phone numbers that appears in the message.
You can also store any legitimate phone numbers or SMS short code associated with banks or other key businesses you deal with in your contacts for future reference. However, most banks and businesses won’t contact you this way. If in doubt, call the bank.
Wifi Malware and hacking
As more and more consumers get smartphones and demand always on connectivity, so the use of wifi wireless technologies have grown. And as with any growth sector, it has attracted its own fair share of fraudsters.
There are a growing number of wifi networks out and any number of these can be used to infiltrate your phone. Most ask for details at sign up. Some even ask for a credit or debit card to pay for access. Be very careful to use only those you know and trust and ideally which are free.
So how does this scam work? Wifi networks can be offered that look like they are being run by a brand you recognize, or even one that you don’t, in a public space and you sign up, give card details and more and happily carry on doing your thing.
In reality the ‘network’ is a fraudster with a laptop and some kit that has just taken all your details.
There is no clear cut way around this other than to use only recognized networks that are free.
Bluetooth hacks
While the use of wifi is booming, many more users are also tuning in to Bluetooth, which offers short range wireless connectivity for phones and other devices. And this, like any other connectivity, can be used as a way into the phone.
Back in the 1990s there was a spate of ‘Bluejacking’ where often pornographic material was anonymously pinged onto phones using Bluetooth.
This happens less these days, but the principles are the same: you have Bluetooth switched on and someone can get ‘in to’ your phone. This forced entry can then be used to deliver malware, steal data or dial PRS numbers as before.
The expected rise of Bluetooth Low Energy (BLE) services around things like Apple’s iBeacons, through 2014 is likely to see more Bluetooth based hacking take place.
What can you do about it? Turn Bluetooth off is one option, other than that keep your OS and apps up to date as these updates often contain the latest security updates for your phone.
Location hacking
The latest in the growing list of vulnerabilities of mobile to fraud are apps that use your location in conjunction with your other apps to defraud you. Here is how it works: The app asks you to use your location information (as many do).
You say yes and it then pulls off not only where you are, but starts to take things out of other apps you have running. In theory it could also then start to use your location to gain access to other data on the phone.
This is a proto-scam in that not much has been reported about it, but it seems that it is threatening to be another key way into devices in the coming months. Watch this space.
Speak Your Mind