There are many security attacks that we can suffer on our devices. One of the most common is Phishing. Basically, it is a strategy that hackers use to steal passwords and personal data. In this article we are going to explain how Phishing works on mobile, what types exist and, most importantly, how we can protect ourselves and avoid problems.
How Phishing works on mobile
A Phishing attack on mobile is a bait, a trap that we fall into and that exposes our data. For example, we click on a link that leads us to a fraudulent page that pretends to be official. When we enter the password, instead of logging in to that platform normally, we are actually sending that data directly to a hacker.
Cybercriminals usually use some strategy to get us to take the bait. For example, they say that there is a problem with the account, that we have to enter some data to verify that everything works well, etc. They usually play on urgency, so that the victim has little time to think and ends up going along with it.
These attacks are not exclusive to mobiles, but in recent years they have grown a lot because these devices are used more and practically everyone has one on hand all day. Hackers take advantage of this and send Phishing attacks to steal data.
What types are there
Phishing attacks on mobile do not arrive by a single route, nor are they of one specific type. As you will see, there are several methods that cybercriminals can use. All of them are aimed at the theft of passwords and personal information, but there are differences between them and in the way they are carried out.
SMS or Smishing
The first, and one of the most common on mobile phones, is Phishing by SMS, also known as Smishing. In this case the attacker sends a text message to the victim's mobile and tries to get them to click on a link, which is how the attack is carried out.
A clear example is a Phishing attack that arrives by SMS and pretends to be from a bank. It asks us to log in to fix a problem, for example, but it is actually a scam. By clicking on the link we end up on a page that is a copy of the original, and everything we send goes to a server controlled by the attackers.
It is also very common to receive an SMS saying that a package that a certain courier company was going to deliver to us has not been delivered. This increases especially at times like Christmas. It works exactly like the bank Phishing case and also seeks to steal personal data and passwords.
By email
The classic type of Phishing is through email. This is not exclusive to mobile, logically, but the fact that we use these devices more makes it more dangerous. Any email we receive can be opened directly from the mobile, and it is precisely on this type of device that we can make the most mistakes.
If we receive an email and read it on the mobile, we are more likely to end up clicking on a fraudulent link than if we open it on the computer, where we are more careful and can also identify fraud better. That is why hackers have a good opportunity here, and it is a method that, together with SMS, is very common.
The email message can use any strategy. For example, it may say that there is some problem with a social network, such as Facebook or Twitter, and that we have to log in with our details. It may also mention some failure with the mail service itself or any other online service.
Spear Phishing and Angler Phishing
Phishing attacks are usually generic. That is, we receive an email or an SMS that is not actually addressed to us. We receive something along the lines of “Dear user”. Although that alone already gives them a significant probability of success, it is even greater when they send more personalized attacks.
That is what Spear Phishing does. It is basically an attack like the previous ones, but addressed to the victim by name. That SMS or email is going to be more personal, so the attackers have a greater probability of success. After all, a person is more likely to open a link if they have received a message addressed to them by name.
Angler Phishing goes a little further. The attackers not only send a Phishing attack addressed to the victim by name, but also create a very well orchestrated attack. In this case they obtain information mainly through social networks. For example, they find out where the victim works, where they study, what interests they have… Based on all that, they build a profile of the victim and learn how the victim is most likely to fall into the trap.
Vishing
A type of mobile Phishing that has also grown a lot in recent years is what is known as Vishing. In this case it is not a text, but a phone call. Using their voice, the attacker pretends to be something they are not so that the victim hands over their data and falls into the trap.
For example, the attacker could impersonate an employee of the bank where the victim has an account. They say that there is an error with the account and that they need certain information. They may even say that there has been an attack on the bank account and that they need to fix it so that no money is stolen, but that in order to fix it they have to log in with the victim's password.
The victim, nervous at seeing that their account may be in danger, trusts the call and gives the data requested by the attacker. This sometimes includes two-step authentication codes, so the cybercriminal will have full control over the account.
QRishing
Surely on some occasion you have gone to a restaurant and viewed the menu on your mobile with the QR reader, or done the same when visiting a monument or any place with an information panel. It works simply: you use the mobile camera and an application to read a code that takes you to a web page.
What the attacker does is modify that QR code. They pretend that it is legitimate, but in reality it sends the victim to a fake page, where they steal personal data and passwords. Those codes can be placed in a restaurant, at a monument or anywhere a legitimate one should be.
How to avoid these attacks
As you can see, there are different Phishing attacks that can affect a mobile. They can steal your passwords or personal data through different methods. It is therefore essential to be protected and avoid becoming a victim of this problem. We are going to give a series of essential tips.
Common sense
Without a doubt, the most important thing for avoiding mobile Phishing is common sense. It is essential not to make mistakes that can affect us. For example, looking very carefully at where we click, what SMS or email we have received, where we open a QR code, etc. Generally hackers need us to make a mistake, and in the case of Phishing this is essential.
Therefore, if you avoid mistakes, and if you browse the Internet looking carefully at the URLs of the pages you visit or the links you open from an SMS, you will avoid falling into the trap. Observation is essential here, so you must be alert at all times and detect any sign that something is strange. And whenever in doubt, it is better not to open a link.
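Part of this URL check can be automated. The following Python sketch is an added example, not part of the original article: it pulls the links out of a message (SMS, email or the text decoded from a QR code) and flags those whose host does not belong to a list of official domains. The domains, the sample SMS and the warning labels are all constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: domains the user really deals with (constructed, reserved TLD).
OFFICIAL_DOMAINS = {"mybank.example", "parcel.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message, modelled on the bank SMS described in the article.
SAMPLE_SMS = ("MyBank: unusual activity on your account. Verify now at "
              "http://mybank.example.secure-check.test/login.")


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return warning labels for one URL; an empty list means no warning."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # "https://mybank.example@other-host/" really goes to other-host.
        warnings.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass  # host is a name, not a bare IP address
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")  # may render as look-alike characters
    if not any(host == d or host.endswith("." + d) for d in official):
        warnings.append("not-official-domain")
        # The official name appears in the host, but not as the real domain.
        if any(d.split(".")[0] in host for d in official):
            warnings.append("official-name-as-bait")
    return warnings


def scan_message(text, official=OFFICIAL_DOMAINS):
    """Map every link found in a message to its list of warnings."""
    links = (u.rstrip(".,;:!?)") for u in URL_RE.findall(text))
    return {u: check_link(u, official) for u in links}


if __name__ == "__main__":
    for link, found in scan_message(SAMPLE_SMS).items():
        print(link, "->", found or "no warnings")
```

An empty list only means that none of these checks fired; it does not prove that the page is legitimate.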
Protect your mobile
Of course, another important tip is to protect the mobile phone properly. This will help you detect possible threats that arrive by email or SMS, or if you have mistakenly fallen into the trap and downloaded a malicious file that you thought was a legitimate document.
A good antivirus will help you to be better protected at all times. There are many options, both free and paid. However, we always recommend that you download from official stores, such as Google Play, look carefully at comments from other users and do not install an insecure application.
Enable two-step authentication
Phishing attacks on mobiles are generally intended to steal passwords. What is the best barrier to avoid problems even if the attacker knows what the password is? Without a doubt, two-step authentication. It is an extra security barrier that forces the attacker to take a second step to get in, which is usually a code that we receive by SMS, email or application.
This allows us to protect our accounts further. We will be better prepared to deal with a Phishing attack, and it gives us time to change the password before the attacker can log in to the account and steal information or act on our behalf.
In short, Phishing attacks on mobile phones are a major problem for which we must be prepared at all times. We have covered the different types of attacks that can affect us when using the mobile phone and compromise privacy and security, as well as a series of tips to prevent security problems of this type.