Smartphone security and tips to help prevent identity theft
Simple tips to protect your smartphone, like locking it and setting two factor authentication, can help prevent identity theft.
As the use of smartphones continues to increase, con artists are finding ways to access personal information. A growing number of internet-connected cars and connected homes are vulnerable to cyber thieves as well. And you need more than a password to keep your identity and data secure. According to identitytheft.org, 1.4 million cases of consumer identity theft were reported to the FTC in 2021. The amount of money lost by consumers has doubled since 2019, mostly to imposter scams and theft.
Common cell phone scams
Our smartphones have become an extension of our identities, making our personal information even more accessible to hackers. Whether it is operating a business, managing personal finances, or shopping online, we are taking a risk that could result in our identities being stolen. Nearly 1 in 3 people have been victims of cellphone scams at some point in their lives. In 2022, these incidents have resulted in more than $39 billion in financial losses.
Here are some mobile phone scams to be aware of:
Vishing (voice phishing)
Scammers call impersonating legitimate businesses or trusted individuals. They may use a combination of emotional manipulation or scare tactics to gain the victim’s trust and deceive them into carrying out an action. Robocalls (scam calls that use recordings instead of humans) are also used as a tactic in vishing.
Smishing (SMS phishing)
A text message will be sent that includes a link (using a shortened URL) to prize winnings, surveys, a lottery or sweepstakes. There may also be an urgent notification about your credit card, bank account or tax refund. The text may ask you to either visit a website, download an application, enter login credentials or fill out a form that is being controlled by attackers. If the desired action is completed, attackers can steal your credentials, access your bank account and other sensitive information, or infect your device with malware to carry out additional attacks.
Scammers somehow get access to a victim’s SIM card in their phone, which allows them to gain control over emails, text messages and other sensitive information. SIM swapping is transferring a mobile SIM card to the ownership of a hacker to compromise the victim’s digital identity or banking credentials.
How to protect your smartphone from hackers
- Think beyond your smartphone - Anything with an internet connection, including vehicles, voice-based digital assistants or wearable fitness trackers, are on the radar for cyber thieves. In some instances, they can use the data to detect whether you are home. If you connect in a public place, make sure the websites you use begin with HTTPS.
- Set a passcode - Smartphones allow you to set a digital "lock" to help prevent random people from using your phone. The passcode to unlock the phone could be a PIN code, password, pattern or biometrics login (such as your fingertip or face scan).
- Auto lock your phone - Set your phone to lock after 15 seconds of not being used to help prevent people from picking it up and using it when you're not looking.
- Create a complex password - Your first line of defense is a strong and long password, one that combines letters, numbers and symbols.
- Use two-step authentication with applications - Turn on two-step authentication for apps like Gmail, Facebook and OneDrive. Two-step authentication requires the password and a separate code sent to the owner to gain entry.
- Seek backup/wiping services - These services are easy to get through the phone's manufacturer or your wireless provider. A backup program sends data on your phone to a secure server where you can retrieve it. A wiping program erases information from your phone if it's lost or stolen.
- Install security/antivirus software - Treat your smartphone like you would your home computer. Install security software that contains an antivirus, and be diligent about downloading updates as they're available.
- Be careful of "public" and "free" Wi-Fi - It's tempting to connect your smartphone to free wireless data whenever it's available, but it's not always safe. Unsecured networks — be it at coffee shops or airports — make it simple for hackers to also connect to your device. If you must use an unsecured wireless network, try a VPN tool, such as TunnelBear, to browse the web.
- Only download apps from trusted, reputable sources - Marketing groups have found that people spend over three hours a day on their phones, so it's tempting to download apps. Protect your data and your digital footprint by avoiding custom apps; instead, stick to downloads from verified sources. Apple's App Store and Android's Google Play use a vetting process before allowing apps to be sold on their mobile platforms. Remember, free is not free. Your personal data is a valuable currency that often "pays" for the free apps.
- Stay smart around smishing scams - The more time users spend on their mobile devices, the more those devices are targets for scammers using smishing. Smishing is a scam conducted using SMS or text and phishing, where users get authentic-looking texts that appear to be from their banks or other services. In both cases, block the numbers or the emails and never click on a link in a text or email or reply back to the sender.
- Don't ignore updates - Installing software updates can seem cumbersome at times, but skipping available updates leaves devices more vulnerable to cyber-attack. As hackers refocus their efforts on smart technology, it's even more important to install the latest version and avoid a breach. Even better, set your device to auto update your system software and applications.
- Share data wisely - Often, apps ask users to input data that can be especially dangerous during an online security breach. Avoid sharing birthdates, addresses and other personal information that hackers could use later.
- Prepare for the worst - If you lose your smartphone or it is stolen, your personal data may be at risk. Turn on Apple's Find My iPhone or Android's Find My Device so you may track the phone's whereabouts and delete data as soon as possible. If your phone is missing, call your carrier right away to report that it's been lost or stolen, and have your data wiped. If you think you're a victim of identity theft, consider taking these three steps:
Remember, back up your phone's information regularly through a computer or the cloud but use your home network or your mobile connection to make sure your data is not stolen during the transfer. This will allow you to restore your information if needed. The Identity Theft Resource Center offers more tips on smartphone security.