Beware: Mobile phones are latest target of cyber criminals


Browsing the Internet on a mobile phone. Kenya’s status as a global mobile money leader has left the country’s mobile money users prone to cyber attacks. PHOTO | FILE

Smartphones and other portable computing gadgets have changed the online connectivity landscape, making them major influences in shopping, banking and payment of bills.

The fact that mobile phones are now being used to make online and remote transactions makes them the greatest risk to previously-secure personal data.

Mobile gadgets have now become cyber crime’s latest target as criminals come up with new, and sometimes ingenious, ways to defraud people.

Cyber criminals are aware that mobile phones carry important information can be harvested for fraud and sold through black markets for further damage.

Yet, even with the risks, security experts say that mobile phone security uptake remains low in Kenya as most people are oblivious of the dangers the gadgets exposed them to.

“Most Kenyans have this attitude that it (an attack) cannot happen to them. There is need for sensitisation to let the public know that anyone can be a target,” said Eset Country Manager Teddy Njoroge. Eset is an Internet security solutions company.

“Kenya is a growing economy and people are taking up technology fast. The more we open-up to technology the more gaps we leave for attacks.” According to ICT governance organisation Information Systems Audit and Control Association (Isaca), the country records an estimated 3,000 successful or failed attacks every month.

According to Check Point Software Technologies Area Manager for East and West Africa Rick Rogers, attacks on mobile devices will continue to grow and enterprise breaches that originate from mobile devices are expected to become a more significant corporate security concern.

Phishing attacks are the most common method used to access private data, including usernames, passwords and credit card details.

These are driven by criminals masquerading as trustworthy entities.

Phishing attacks are often deployed post-breach, where criminals may send out warning to users advising them to, for instance, change their passwords by clicking on links that lead them to fake websites where they in turn harvest personal details.

Official data indicates that over 600,000 phishing attacks happen every minute globally while 1.9 million data records are stolen daily. In this regard, smartphone users are advised to be wary of messages that prompt them to click on links.

“Never click on links, especially emails asking for confidential information such as personal or banking details unless you are absolutely sure that it is authentic. Cybercriminals may use these ‘fake’ sites to steal your entered personal details or to carry out a drive-by-download attack, thus infesting your device with malware. Always contact the company separately via a known and trusted channel,” said Njoroge.

Installing multi-level security measures is a recommended way of ensuring that a third party does not get access to personal information.

Phone lock secret codes and other passwords to access apps, email services and other personal data stored in the phone also ensure that data stays safe.

“Mobile phone banking services provide convenience to people, and there is demand coming our way where clients want us to meet and provide security and people continue to enjoy these services,” said Nita Omanga, Country Risk Manager, Visa CEMEA.

Omanga says that updating phone operating systems and applications also ensures that the gadgets get the latest security features. Installing an antivirus is the other option.

Further, mobile gadget users are advised to download applications from trusted stores, while remaining vigilant not to fall victim to imitation applications commonly used as decoys for stealing data.

Omanga adds that people need to limit the access they give to applications.

“Why should you give a games app access to the camera or your photos?” she asked.

“You should limit information shared on social media or to customer care agents as this could aid identity theft that can be used to, for instance, personal sim card changing.

‘‘Criminals with enough data are said to be impersonating people and replacing their sim cards which enables them to steal from their victims’ mobile money wallet,” said Omanga.

Kenya’s status as a global mobile money leader has also left the country’s mobile money users prone to attacks, with a number of people reporting loss of money from their mobile money wallets.

“If you are unable to make a call or send a message, you should reach out to the mobile service provider immediately to stop impersonators from stealing your data,” said Omanga.

Another precaution that guards against phishing is not to store data — passwords and other details — when visiting online stores, as this will leave your data history floating online, a data breach that can result in the theft of banking card details and eventually loss of money.

Users are also advised to set up remote wipes, functionalities enabled by most devices on the market which enable users to clear personal data remotely should the phone gets misplaced or is lost.

Also, people are advised to avoid using public Wi-Fi, and when they have to, opt for virtual private network services such as hotspot shields which encrypt all cyberspace transmissions, making it hard for hackers to translate.

Wi-Fi and Bluetooth connectivity on gadgets should also be disabled when not in use.

Finally, gadgets that have gone through software hacks (flashing/unlocking) should be avoided altogether.