As more people use mobile phones, more fraud perpetrators target these devices. According to Javelin Strategy & Research, between 2017 and 2018 the number of fraudulent mobile-phone accounts opened grew by 78%. Schemes in which thieves open a phone account in your name and use it to access your bank account, sign up for credit cards and gain access to personal information are only some of the recent fraud trends. Fraudsters have plenty of ways to defraud consumers through their phones.
Why they’re vulnerable
One of the reasons mobile phones are so vulnerable is that phone security hasn’t kept pace with traditional computer security. Mobile devices rarely contain comprehensive security measures, and mobile operating systems aren’t updated as frequently as those on personal computers.
Yet users routinely store a wide range of sensitive information — including contact information, emails, text messages, passwords and identification numbers — on their phones. Geolocation software can track where phones are at any time, and various apps can record personally identifiable information. Hackers can target a phone and use it to trick its owner, or the owner’s contacts, into revealing confidential information. Or phones can spread viruses to computers — a big problem for companies with “bring your own device” policies.
How thieves get in
Sometimes attackers obtain physical access to a device. More frequently, a hacker achieves virtual access by, for example, sending a phishing email that coaxes the recipient into clicking a link that installs malware.
Apps can be dangerous, too. A user might install an app that turns out to be malicious or a legitimate app with weaknesses an attacker can exploit. A user could unleash such an attack simply by running the app.
What you can do
Encryption is probably the most highly recommended defense against mobile phone fraud. When data is encrypted, it’s “scrambled” and unreadable to anyone who can’t provide a unique “key” to open it. Two-step authentication is also advisable. This approach adds a layer of authentication by calling the phone or sending a password via text message before allowing the user to log in.
Phone owners should always activate PINs or passwords, and other options such as touch ID and fingerprint sensors if available. Conversely, users should disable Bluetooth and Wi-Fi when not in use, and set Bluetooth-enabled devices to be nondiscoverable.
Also request a freeze on the credit information that’s used to open a mobile-phone account with the National Consumer Telecom & Utilities Exchange. This is a credit reporting agency fed by data supplied by phone companies, pay-TV companies, and utility service providers.
In only a decade, mobile phones have completely changed our daily lives. Unfortunately, fraud has kept pace with technology. To protect your personal information, you need to be aware of the constantly evolving threats. If your organization needs guidance on fraud and risk management issues, contact Ashley Sparks, CPA, CFE at firstname.lastname@example.org.