Mobile phishing: how to protect ourselves from these attacks

Our devices can suffer many kinds of security attacks, and one of the most common is Phishing. It is basically a strategy hackers use to steal passwords and personal data. In this article we explain how Phishing works on mobile, what types exist and, most importantly, how we can protect ourselves and avoid problems.

How Phishing works on mobile

A Phishing attack on a mobile is bait, a trap that we fall into and that exposes our data. For example, we click on a link that takes us to a fraudulent page that pretends to be something official. When we enter the password, instead of logging in to that platform normally, we are actually sending that data directly to a hacker.

Cybercriminals normally use some strategy to make us take the bait. For example, they tell us that there is a problem with the account, that we have to enter some information to verify that everything works well, and so on. They usually play on urgency, so that the victim has little time to think and ends up complying.

These attacks are not exclusive to mobiles, but in recent years they have grown a lot on them because these devices are used more and practically everyone has one at hand all day. Hackers take advantage of this and send Phishing attacks to steal data.

What types are there

Phishing attacks on mobile phones do not arrive by a single route, nor are they of one specific type. As you will see, there are several methods that cybercriminals can use. All of them aim to steal passwords and personal information, but they differ in how they are carried out.

SMS or Smishing

The first, and one of the most common on mobile phones, is Phishing by SMS, also known as Smishing. In this case, the attacker sends a text message to the victim’s cell phone and tries to get them to click on a link, which carries out the attack.

A clear example is a Phishing attack that arrives by SMS and pretends to be from a bank. The message asks us to log in to solve a problem, for example, but it is actually a scam. By clicking on the link we end up on a page that is a copy of the original, and everything we submit goes to a server controlled by the attackers.

It is also very common to receive an SMS telling us that a package from a certain transport company could not be delivered. This increases especially at times like Christmas. It works exactly like the bank Phishing case and also seeks to steal personal data and passwords.

By mail

The classic type of Phishing is through email. This is not exclusive to mobile phones, of course, but the fact that we use these devices more makes it more dangerous. Any e-mail we receive can be opened directly on the mobile, and it is precisely on this type of device that we can make more mistakes.

If we receive an email and read it on mobile, we are more likely to end up clicking on a fraudulent link than if we open it on a computer, where we are more careful and can also identify fraud better. That gives hackers a good opportunity, and together with SMS it is a very common method.

In the email message they can use any strategy. For example, they tell us that there is a problem with a social network, such as Facebook or Twitter, and that we have to log in with our data. It could also be a supposed failure of the mail service itself or of any other online service.

Spear Phishing and Angler Phishing

Phishing attacks are usually generic. That is, we receive an email or an SMS that is not really addressed to us, something along the lines of “dear user”. Although that alone already gives them a significant chance of success, the chance is even higher when they send more personalized attacks.

That’s what Spear Phishing does. It is basically an attack like the previous ones, but addressed to the victim by name. That SMS or e-mail will be more personal, so attackers will have a greater chance of success. After all, a person is more likely to open a link if the message is addressed to them by name.

Angler Phishing goes one step further. Not only do they send a Phishing attack addressed to the victim by name, but they also create a very well-orchestrated attack. In this case they obtain information mainly through social networks: for example, where the victim works, where they study, what interests they have… Based on all this, they build a profile of the victim and work out how the victim is most likely to fall into the trap.

Vishing

A type of mobile Phishing that has also grown a lot in recent years is Vishing. In this case it is not a text but a phone call. By voice, the attacker pretends to be someone they are not, with the aim of making the victim hand over their data and fall into the trap.

For example, the attacker could pose as an employee of a bank where the victim has an account. They tell you that there is an error with your account and that they need some information. They may even tell you there has been an attack on your bank account and that they need to fix it so your money is not stolen, but that in order to fix it they have to log in with your password.

The victim, nervous at the thought that their account could be compromised, trusts the call and provides the information requested by the attacker. This sometimes includes two-step authentication codes, so the cybercriminal will have full control over the account.

QRishing

Surely at some point you have gone to a restaurant and viewed the menu on your mobile with the QR reader, or done the same when visiting a monument or any place with an information panel. It works simply: you use the mobile camera and an application to read a code that takes you to a web page.

What the attacker does is modify that QR code. It looks legitimate, but in reality it sends the victim to a fake page that steals personal data and passwords. These codes can be placed in a restaurant, at a monument or anywhere a legitimate one should be.

How to avoid these attacks

As you have seen, there are different Phishing attacks that can affect a mobile. They can steal your passwords or personal data through different methods. Therefore, it is essential to be protected and avoid becoming a victim of this problem. Here is a series of essential tips.

Common sense

Without a doubt, the most important thing to avoid Phishing on mobile phones is common sense. It is essential not to make mistakes that can affect us. For example, we should take a good look at where we click, what SMS or e-mail we have received, where we scan a QR code, and so on. Hackers generally need us to make a mistake, and in the case of Phishing that mistake is essential to the attack.

Therefore, if you avoid errors and browse the Internet carefully, checking the URLs of the pages you visit and of the links you open from an SMS, you will avoid falling into the trap. Observation is essential here, so you must stay alert at all times and detect any sign that something strange is going on. And in case of doubt, it is always better not to open a link.
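
The URL check described above can be written down as a few concrete rules. The following is an added example, not part of the original article: it inspects a link taken from an SMS, an e-mail or a decoded QR code and lists what looks wrong with it. The trusted domains and sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list: the domains the user really does business with.
TRUSTED = {"mybank.example", "parcel.example"}

def is_trusted(host, trusted=TRUSTED):
    """True only if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def link_warnings(url, trusted=TRUSTED):
    """Return the reasons a link looks suspicious (empty list = nothing found)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    # "https://bank@evil" shows the bank name but connects to what follows the @.
    if parts.username is not None:
        warnings.append("userinfo before @ hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain")
    except ValueError:
        pass  # host is a name, not an IP address
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")
    if not is_trusted(host, trusted):
        # A trusted name placed on the left of a foreign domain is a classic lure.
        brands = [d for d in trusted if d in host or d.split(".")[0] in host]
        if brands:
            warnings.append("trusted name used inside an untrusted host")
        else:
            warnings.append("host is not on the trusted list")
    return warnings

if __name__ == "__main__":
    for link in ("https://www.mybank.example/login",
                 "https://mybank.example.account-verify.test/login",
                 "https://mybank.example@203.0.113.7/login"):
        print(link, "->", link_warnings(link) or "no warnings")
```

An empty result only means none of these rules fired; it does not prove the page is genuine.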

Protect mobiles

Of course, an important piece of advice is to protect the mobile phone correctly. This will help you detect possible threats that arrive through e-mail or SMS, or when you have mistakenly fallen into the trap and downloaded a malicious file that you thought was a legitimate document.

A good antivirus will help you stay better protected. There are many options, both free and paid. However, we always recommend that you download them from official stores, such as Google Play, carefully review comments from other users, and not install an insecure application.

Activate two-step authentication

Mobile Phishing attacks are usually aimed at stealing passwords. What is the best barrier to avoid problems even if they know the password? Definitely two-step authentication. It is an extra security barrier that forces the attacker to complete a second step to get in, which is usually a code that we receive via SMS, mail or application.

This allows us to protect our accounts further. We will be better prepared to deal with a Phishing attack, and it gives us room to change the password before the attacker can enter the account and steal information or act on our behalf.

In short, Phishing attacks on mobile phones are a major problem for which we must be prepared at all times. We have given a series of tips to prevent security problems of this type, and described the different types of attacks that can affect us when using the mobile and that compromise privacy and security.