Every so often, I have to dive back into the waters of mobile security and present a hard truth for users to swallow. Some of these truths are very easy to accept, such as never installing any software unless it is found in the app store of your ecosystem (Google Play Store or iOS App Store), using a password manager, or making sure you always keep both the applications and the operating system updated.
Anyone can follow these best practices. They are simple, harmless and require little effort on the part of the user.
But there are also other best practices that are hard to follow. Unfortunately, IT administrators have had to constantly remind end users for years not to do certain things. It still happens anyway. No matter how insistent the IT administrator or how severe the consequences of an action, end users keep ignoring these warnings, only to end up turning to IT to solve the resulting problems.
When you're dealing with your personal device, you may not have an IT department to turn to. When that happens, you may end up going to your carrier and paying to have your device restored to working condition (which can be costly) or doing a factory restore (which may or may not fix the problem). Then again, you might have fallen prey to a ransomware attack, in which case all bets are off. Even if you can perform a factory restore, your data may be held under threat of release if you don't pay.
You don't want that.
This is where perhaps my most important mobile security tip comes in, and it can be summed up in one simple sentence.
When in doubt…don’t.
I have a dear friend who calls me regularly with questions like, “I got this text message. I don’t know the sender. Should I click on the link?”
The unequivocal answer is always a resounding "no"! I then remind that person that if they don't know the sender of an email, SMS, Facebook Messenger or WhatsApp message, etc., they shouldn't open it, click on it, copy it, respond to it or otherwise interact with it.
This is the crux of the issue.
Many users (and even posts) are very quick to put the blame on the shoulders of the companies that provide mobile operating systems and/or applications. This is not only unfair, but it is also not helpful. You see, just like in the world of desktop and laptop computers, the end user has to share the burden of responsibility. Google does not make you click on those links sent to you from unknown sources. Apple has never twisted your arm to respond to a strange text.
However, no matter how many times they are warned, end users keep clicking on those strange links and replying to those messages sent by unknown users. The end results could be disastrous for your data, privacy, and identity.
According to Avast, global ransomware attacks are up 32% on businesses and 38% on individuals. These attacks come in the form of fake package delivery information, tech support scams, sexual exploitation scams, and phishing scams (when an attacker tries to trick you into divulging personal information to gain leverage over the victim).
You've seen these emails and SMS messages arrive on your phone. I get them all the time. As I was writing this article, I received at least five such scams, and my wife forwarded a phishing email dressed up as a request for Geek Squad Gold Plus Tech Support at $499.19. Within this email there were phone numbers to click which I guarantee would not lead to the end of the problem. I answered it right away, saying it was a scam, and I deleted it. This type of attack is so common that I've gotten to the point where I automatically block (or mark as junk) any email that includes certain phrases or companies that are frequently used in phishing scams.
I also receive about 10 SMS messages a day on my phone with something like this:
Hi I have tried to contact you but you are not answering. what’s up?
The sender of this message is not in my contact list which means I don’t know them. Over the past few years, I’ve developed a simple rule: If I don’t know you, I won’t answer the phone or answer your messages. Now, I feel free to block these messages and report them as spam. The sender may be legit, but I’m not taking my chances.
This is the attitude that every mobile phone user should adopt. Take good care and you will avoid a lot of common attacks on your privacy and data.
And that, my dear friends, is the hard and simple truth about phone security that you (and everyone you know) have to accept.