It’s safe to say our mobile devices have taken over our lives in a big way, with reports saying that the average Brit spent at least four hours a day on their mobile device in 2021. What’s more, mobile devices now account for the majority (55%) of global website traffic, proving how pervasive they are in our lives.
For businesses, this represents a challenge. As the shift to remote and mobile working took off throughout the pandemic, our mobile devices became as essential to our professional lives as they are to our personal lives. Mobile devices – including any device that runs Android or iOS – are powerful mini-computers, making them increasingly popular for working remotely. Yet, while the mobile device is starting to supplant, or at least supplement, the desktop for work and web browsing, users are still likely to treat it as a personal belonging.
Whether or not a company operates a “bring your own device” (BYOD) policy, a device feels different when you keep it in your pocket at all times. For example, a user might have a different, less-guarded frame of mind when their phone is in their hand. Their browsing behavior will likely be different, and the immediacy of messaging alerts – coupled with a smaller screen size – can make them more likely to fall foul of cyber-criminals.
Sadly, this hasn’t escaped the attention of those cyber-criminals. Mobile devices represent yet another endpoint for them to exploit, and they’ve developed several innovative tactics to do so.
1) Cross-Device Social Engineering
Cyber-criminals have become masters of social manipulation. While the average person is more perceptive to phishing emails on their own, persistent threat actors have begun to couple them with text messages to make emails seem more legitimate on the desktop. This clever technique leans on our growing trust for receiving critical information via our mobile devices. For instance, we are now quite accustomed to receiving notifications from the NHS, our banks, and a host of other services. The combination of the two makes it seem like a more legitimate request and puts the victim’s organization at a far greater risk.
2) Bogus Apps
Our mobile devices have become incredibly important tools, much down to the vast range of apps now available for us to download. For cyber-criminals, this has created a growing opportunity to steal data through fake apps. Fake apps are built to look and function just like genuine apps to trick users into downloading them; however, they contain malicious code designed to steal data.
Ordinarily, when you install a third-party app, it will ask you to input sensitive data. Bogus apps leverage this to get access to personal information and passwords, giving them the keys to the kingdom.
Read more: https://bit.ly/3uOOywW
You can also read this: Children’s Online Privacy Protection Rule (COPPA)