In this post, we continue our series on the top threats to Smartphones in 2018. Here is what you need to know about Network Spoofing and Phishing Attacks.
This Smartphone security vulnerability goes back to the use of public Wi-Fi Hotspots that are found in places like Starbucks or Panera Bread. Before you gain access to the free data connection, you have to log in with the username and password that is given (which is also publicly available) and agree to their terms of usage.
Usually this login screen is an entire webpage, and there is no way to prove its authenticity. For the most part, these websites are legitimate, but given the level of sophistication a cyber attacker has these days, a spoofed web page can be designed and substituted for the real one quite easily.
Typically, the cyber attacker names these spoofed public Wi-Fi Hotspots things like “Airport Wi-Fi” or “Coffeehouse Wi-Fi.” Unlike the legitimate login pages, the spoofed ones require the customer to create an account to gain access to the supposedly free data connection.
Given how much people hate remembering hundreds of passwords, we tend to use the same username/password combination for just about everything we log into. The cyber attacker is also aware of this. After you have created an account and logged in, the cyber attacker will see the websites you are accessing, in a manner very similar to that of a Man-in-the-Middle attack.
If anything looks private and confidential, they will later use that same username/password combination that you have created. The hacker will log in and covertly hijack everything and anything they can.
This is a type of Social Engineering attack that has been around for a long time and is still widely used by cyber attackers today, especially against Smartphone users.
Phishing can be defined as a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as . . . banking and credit card details and passwords.
Here are the telltale signs of a Phishing attack:
- The content of the email message has poor spelling or grammar:
Phishing emails often contain misspelled words, or even extra digits in the telephone number in the signature block of the message. At first glance, these can be very difficult to find, but after a second or third look, they can be spotted. For instance, a phony message would contain the salutation line “Dear eBay Costumer” instead of “Dear eBay Customer”. Look in the subject line for misspellings as well. Most email applications are good at catching this, but some messages still fall through the cracks and make their way into your inbox.
- The hyperlinked URL is different than the one presented:
Most phishing email messages contain the name of a legitimate organization, but with a phony URL that is hyperlinked to it. For example, you could get what looks like a legitimate email message from PayPal, and toward the end of the message, it will say something like:
“Check your PayPal account here.”
Obviously, the name looks authentic enough, but instead of taking you to www.paypal.com, the hyperlink displays a different URL (hover over it to see it).
- The email message has a sense of urgency:
The content of a phishing email will often push you to take action right away. For example, it may say that your PayPal account has been closed or put on hold, or that some sort of fraudulent activity has occurred on it. In these instances, there will be a link to take you to your account, but again, it will be a phony one.
- It will contain a suspicious attachment:
Most legitimate business entities or even individuals will not send you an attachment unless you have specifically requested one. Sometimes, phishing emails will contain an attachment, which will very often have a .DOC or .XLS file extension. It will look like these attachments are coming from somebody you know. These attachments contain a malware or spyware executable program which will launch on your computer or wireless device once they are downloaded and opened.
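The second sign above, a hyperlink whose real destination differs from the name it shows, can also be checked mechanically before a message reaches a reader. The Python below is an added example, not part of the original post; the `BRAND_DOMAINS` allowlist, the function names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand name -> domain it really uses. Extend for your own mail.
BRAND_DOMAINS = {"paypal": "paypal.com", "ebay": "ebay.com"}
# A hostname written out in the visible link text, e.g. "www.paypal.com".
SHOWN_HOST = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible_text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_matches(host, domain):
    """True for the domain itself or a subdomain, not for look-alike prefixes."""
    return host == domain or host.endswith("." + domain)

def suspicious_links(html):
    """Return (text, href, expected_domain) where the href leaves that domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        # Domains the reader is led to expect: brands named in the link text
        # plus any hostname literally shown as the link text.
        expected = {d for b, d in BRAND_DOMAINS.items() if b in text.lower()}
        expected |= {m.lower() for m in SHOWN_HOST.findall(text)}
        for domain in sorted(expected):
            if not host_matches(host, domain):
                findings.append((text, href, domain))
    return findings

# Constructed sample body (not a real message); .example hosts are reserved.
SAMPLE = """<a href="http://paypal.com.account-check.example/login">Check your PayPal account here.</a>
<a href="https://www.paypal.com/signin">www.paypal.com</a>
<a href="http://login.example/ebay">https://www.ebay.com/</a>"""
```

Calling `suspicious_links(SAMPLE)` flags the first and third links and leaves the genuine `www.paypal.com` link alone.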
A future blog post will continue examining the top threats to Smartphones, focusing upon the latest threat out there, and perhaps the most dangerous: Ransomware.