An Old Cyber-Scam Targets Mobile Devices

Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.

Phishing attack emails related to COVID-19 increased 667% from March 1 to 23, according to researchers from the cyber-security firm Barracuda. This is alarming, but that still only represents about 2% of phishing attacks. And worse, some emerging phishing tactics are very tricky to detect.

First, a basic definition: Phishing is a method by which cyber-criminals attempt to get one or more victims to divulge login IDs and passwords for critical accounts or IT networks, or to download malware.

Scammers use bogus emails, phone calls, text messages, and other communications to appear legitimate to their victims.

The malware a phishing attack delivers to your computer or mobile device can do a variety of dangerous things, such as recording your keystrokes, harvesting financial data, giving hackers remote control over your device, installing ransomware, and much more.

The big prize that cyber-criminals seek from small businesses – especially those that store clients’ sensitive financial information and conduct electronic funds transfers – is access to your company’s IT network and databases. Mobile devices are a perfect entryway for that.

Phishing attacks target mobile devices

Even if your employees don’t have sensitive company or client data stored directly on their mobile devices, they can probably login to your company’s network via those devices. Hackers can grab that key information through a successful phishing attack.

Unfortunately, mobile devices have two features that make them particularly vulnerable to phishing:

  1. On smaller mobile device screens, web and email addresses are hidden

Phishing emails often appear to come from colleagues, vendors, or big-name reputable sources because they use similar-looking email addresses. Those emails often include links to fake login pages, which also use a similar-but-fake web address (or “URL”) in the box at the top of the page.