Hackers Are Increasingly Targeting People Through Their Phones

Hackers Are Increasingly Targeting People Through Their Phones

Elise Silagy

September 2, 2020

We do so many things on our smartphones: We stay in touch with friends and colleagues, we do our banking, we look for work, and so much more. Unfortunately, while phones have made it easier than ever to go about our everyday lives, they also offer another way hackers can reach us by gaining access to our money and private files. While hacking may look different than it did when home computers first became commonplace, some old school tactics are still in use alongside the new and insidious approaches hackers use to gain unauthorized access to our devices. Even if you are pretty tech-savvy, you may be inadvertently exposing yourself to risk.

Hackers target our phones for a wide variety of reasons, but there are steps you can take to protect yourself. If you think you have been hacked, please read our blog post: Hacked? Here’s What to Know (& What to Do Next). To help safeguard your smartphone as well as any networks it connects to, you and your team should be reviewing your security practices regularly.

Why Hackers Target Phones

Blonde woman reading her phone while holding coffee
According to the Pew Research Center, 81% of Americans use smartphones. This ubiquity partnered with the fact that many shopping apps (particularly Android apps) contain high-level security vulnerabilities. Many apps also transmit unencrypted user data, making smartphones easy targets for hackers.

To Steal Your Money or Financial Information

Ransomware attacks aren’t limited to desktops and laptops. A ransomware attack could paralyze your phone, keep you from accessing critical files, and allow unauthorized users to access sensitive personal data. The basic anatomy of a ransomware attack involves hackers tricking users into downloading malicious software (malware), which they use to take control of the device and lock users out. The hacker then threatens to delete critical files or release private information unless the user agrees to pay the ransom. While some users may be tempted, paying the ransom doesn’t guarantee you will regain control of your device or your data.

In one case, a third-party Android app promised users it would optimize their system, but instead stole money from their PayPal accounts. This wasn’t technically a phishing attack, since the login process was legitimate, but once users logged in malware initiated the automatic PayPal transfer. Other hackers target victims’ wallets by tricking them into downloading fake mobile payment apps. Once victims have entered their payment information, the hacker can do things like empty your bank account or charge purchases to your credit card.

To Eavesdrop on Your Phone Calls

While phone calls may seem old fashioned to some people, the truth is we talk about a lot on the phone. Even if you don’t use your phone to stay in touch with loved ones or discuss sensitive business information with colleagues or clients, you may have to call your bank or the government to access services. During calls with your bank, you will likely discuss your banking details, and calls to the government will inevitably require answering verification questions and confirming your social security number.

There is currently a flaw (called SS7) in the US cellular exchange that allows hackers who know a target’s phone numbers to listen to calls, read text messages, and view user’s locations. Even though US agencies have known about this issue for some time, they have yet to take action to address it, leaving American’s phone privacy at risk.

To Blackmail You

Blackmail is nothing new, but the tiny computers we carry around in our pockets contain more personal information than our desktops and laptops do, making them tempting targets for hackers.

A typical blackmailing hack may go something like this: The hacker obtains some personal information on the victim that is already available on the black market, likely as a result of a previous, unrelated breach. They use this information to trick the victim’s phone company into believing they are the user and convince the company to transfer the victim’s number to a new phone owned by the hacker. When phone companies transfer numbers, they often transfer all the information on the old phone as well, which hackers can then use to blackmail their victims. In order to regain access to their personal files, victims may feel pressured to give in to the hacker’s demands or pay a ransom.

To Mine Cryptocurrency

Any computing device, including smartphones, can be hijacked by hackers and used to mine cryptocurrencies such as Bitcoin. This attack is referred to as cryptojacking. For more information on cryptojacking, and what steps you can take to safeguard yourself, please read our blog post Cryptojacking: Because Every Currency Needs to Be Protected.

To Gain Access to Your Company

Even if hackers target your phone, you may not be their primary target. A large percentage of office workers are currently working from home, which means many of us may be using our personal smartphones for business purposes. While working in a BYOD (bring your own device) exposes companies to risk providing work laptops and work smartphones for every employee may be cost-prohibitive. Fortunately, there are steps companies and workers can take to safeguard their devices and the company network. For more information, please read our blog post, Keeping Your Network Secure in a Bring Your Own Device World.

Just For Fun & Fame

While many hackers are motivated by financial gain, some hack others for entertainment or to gain fame in hacker circles.

Cybersecurity Steps You Can Take to Protect Yourself

Combination lock sitting on a cell phone

Stay Away From Third-Party App Stores

One of the easiest things you can do to protect yourself is to avoid third-party app stores; only download apps from trusted sources such as the Apple app store or the Android app store. However, hackers and other malicious actors have been able to penetrate these platforms as well, and some rogue apps have slipped through, so while this rule will reduce your odds of downloading a malicious app, it doesn’t completely eliminate risk.

Keep an Eye on Your Settings

Checking your phone’s settings can help you spot suspicious behavior. If your phone seems to be chewing through its battery more quickly than usual or appears to be running more apps than you currently have open, it may indicate a hacker has downloaded and is running a malicious app on your device without your knowledge.

Wait Before You Download

While you may be tempted to download that shiny new app as soon as it launches, waiting can help you ensure that new apps are free of serious security flaws. Waiting also gives developers a chance to issue patches to address any issues that do come to light.

When in Doubt, Don’t Click

Whether you are using your smartphone, desktop, or laptop, if you:

  • Encounter a suspicious site
  • Are sent a suspicious link
  • Stumble across a sketchy looking popup
  • Notice that there are apps on your phone you don’t remember downloading

You should stop using your phone until you can get some answers. If you think you may have been hacked, you should contact your MSSP right away for advice and next steps.

Post Categories

Related Posts

What Your Business Can Learn From Netflix About Credential Sharing

What Your Business Can Learn From Netflix About Credential Sharing

Credential sharing, the practice of using someone else’s digital identity to gain access to a platform or product, has become commonplace, particularly when it comes to video streaming services. While credential sharing brings with it obvious user-end security issues for organizations of all sizes in all verticals, it also poses a serious problem for organizations that depend on the revenue generated from paid user accounts. 

read more
The Growing Trend of “Hacktivism”, & What it Means for Businesses

The Growing Trend of “Hacktivism”, & What it Means for Businesses

When most people think of a hacker, they think of a loner hiding in a dark basement, destroying computer systems and other digital resources for personal financial gain, or a sophisticated computer whiz employed by a foreign government up to no good.
However, in recent years, a growing number of hackers have been putting their skills to use for a different reason: activism. This trend, dubbed “hacktivism”, is on the rise and can have serious consequences for businesses of all sizes in all verticals and industries.

read more

VirtualArmour Solutions

Detection, investigation, and resolution of your security alerts
Prevention and visibility to protect you from a breach.
Support and monitoring of your firewall and overall security

Evaluation of your infrastructure for vulnerabilities and security gaps.

Team of cybersecurity experts that can bolster your existing security team or supplement light IT staff – to manage and monitor networks, devices, & assets.

Level of Need

Essential Services

Requirements for devices, investigations, and tickets are for a smaller IT environment that needs less.

Requirements for devices, investigations, and tickets are for a larger IT environment that needs continuous white glove service.
One time engagement. Single Service Implementation.

Partners

Become a Partner

VirtualArmour partners with companies focused on providing solutions for cybersecurity

Portal Login

About VirtualArmour

Our Team

When people, process, and technology work together, great things happen.

Articles and Resources

Your best resource for articles, tips and best practices for every cyber security situation.

Technology Partners

Learn more about how our team supplies and services, the latest hardware and software solutions.

Careers

Read about life at VirtualArmour and search for current openings.

Industry

Read more about the industries we serve and our solutions to keep you safe.