We do so many things on our smartphones: We stay in touch with friends and colleagues, we do our banking, we look for work, and so much more. Unfortunately, while phones have made it easier than ever to go about our everyday lives, they also offer another way hackers can reach us by gaining access to our money and private files. While hacking may look different than it did when home computers first became commonplace, some old school tactics are still in use alongside the new and insidious approaches hackers use to gain unauthorized access to our devices. Even if you are pretty tech-savvy, you may be inadvertently exposing yourself to risk.

Hackers target our phones for a wide variety of reasons, but there are steps you can take to protect yourself. If you think you have been hacked, please read our blog post: Hacked? Here’s What to Know (& What to Do Next). To help safeguard your smartphone as well as any networks it connects to, you and your team should be reviewing your security practices regularly.

Why Hackers Target Phones

Blonde woman reading her phone while holding coffee
According to the Pew Research Center, 81% of Americans use smartphones. This ubiquity partnered with the fact that many shopping apps (particularly Android apps) contain high-level security vulnerabilities. Many apps also transmit unencrypted user data, making smartphones easy targets for hackers.

To Steal Your Money or Financial Information

Ransomware attacks aren’t limited to desktops and laptops. A ransomware attack could paralyze your phone, keep you from accessing critical files, and allow unauthorized users to access sensitive personal data. The basic anatomy of a ransomware attack involves hackers tricking users into downloading malicious software (malware), which they use to take control of the device and lock users out. The hacker then threatens to delete critical files or release private information unless the user agrees to pay the ransom. While some users may be tempted, paying the ransom doesn’t guarantee you will regain control of your device or your data.

In one case, a third-party Android app promised users it would optimize their system, but instead stole money from their PayPal accounts. This wasn’t technically a phishing attack, since the login process was legitimate, but once users logged in malware initiated the automatic PayPal transfer. Other hackers target victims’ wallets by tricking them into downloading fake mobile payment apps. Once victims have entered their payment information, the hacker can do things like empty your bank account or charge purchases to your credit card.

To Eavesdrop on Your Phone Calls

While phone calls may seem old fashioned to some people, the truth is we talk about a lot on the phone. Even if you don’t use your phone to stay in touch with loved ones or discuss sensitive business information with colleagues or clients, you may have to call your bank or the government to access services. During calls with your bank, you will likely discuss your banking details, and calls to the government will inevitably require answering verification questions and confirming your social security number.

There is currently a flaw (called SS7) in the US cellular exchange that allows hackers who know a target’s phone numbers to listen to calls, read text messages, and view user’s locations. Even though US agencies have known about this issue for some time, they have yet to take action to address it, leaving American’s phone privacy at risk.

To Blackmail You

Blackmail is nothing new, but the tiny computers we carry around in our pockets contain more personal information than our desktops and laptops do, making them tempting targets for hackers.

A typical blackmailing hack may go something like this: The hacker obtains some personal information on the victim that is already available on the black market, likely as a result of a previous, unrelated breach. They use this information to trick the victim’s phone company into believing they are the user and convince the company to transfer the victim’s number to a new phone owned by the hacker. When phone companies transfer numbers, they often transfer all the information on the old phone as well, which hackers can then use to blackmail their victims. In order to regain access to their personal files, victims may feel pressured to give in to the hacker’s demands or pay a ransom.

To Mine Cryptocurrency

Any computing device, including smartphones, can be hijacked by hackers and used to mine cryptocurrencies such as Bitcoin. This attack is referred to as cryptojacking. For more information on cryptojacking, and what steps you can take to safeguard yourself, please read our blog post Cryptojacking: Because Every Currency Needs to Be Protected.

To Gain Access to Your Company

Even if hackers target your phone, you may not be their primary target. A large percentage of office workers are currently working from home, which means many of us may be using our personal smartphones for business purposes. While working in a BYOD (bring your own device) exposes companies to risk providing work laptops and work smartphones for every employee may be cost-prohibitive. Fortunately, there are steps companies and workers can take to safeguard their devices and the company network. For more information, please read our blog post, Keeping Your Network Secure in a Bring Your Own Device World.

Just For Fun & Fame

While many hackers are motivated by financial gain, some hack others for entertainment or to gain fame in hacker circles.

Cybersecurity Steps You Can Take to Protect Yourself

Combination lock sitting on a cell phone

Stay Away From Third-Party App Stores

One of the easiest things you can do to protect yourself is to avoid third-party app stores; only download apps from trusted sources such as the Apple app store or the Android app store. However, hackers and other malicious actors have been able to penetrate these platforms as well, and some rogue apps have slipped through, so while this rule will reduce your odds of downloading a malicious app, it doesn’t completely eliminate risk.

Keep an Eye on Your Settings

Checking your phone’s settings can help you spot suspicious behavior. If your phone seems to be chewing through its battery more quickly than usual or appears to be running more apps than you currently have open, it may indicate a hacker has downloaded and is running a malicious app on your device without your knowledge.

Wait Before You Download

While you may be tempted to download that shiny new app as soon as it launches, waiting can help you ensure that new apps are free of serious security flaws. Waiting also gives developers a chance to issue patches to address any issues that do come to light.

When in Doubt, Don’t Click

Whether you are using your smartphone, desktop, or laptop, if you:

  • Encounter a suspicious site
  • Are sent a suspicious link
  • Stumble across a sketchy looking popup
  • Notice that there are apps on your phone you don’t remember downloading

You should stop using your phone until you can get some answers. If you think you may have been hacked, you should contact your MSSP right away for advice and next steps.