So you’re the guy with the nicest smartphone in your group of friends, but you may also be the guy who opens an email supposedly from your bank that asks you to enter your full password (Sweet tip: Your bank will never email you to ask you to enter or change your password via an email. The safest way to access your account is through your banking app or the saved link in your browser). Before that happens, we’re here to save the day (and your soon-to-be stolen information) from hackers accessing your smartphone. After all, you can never be too smart!
Beware of free WiFi – it’s awesome, but not always trustworthy
You know that coffee shop you love so much because it offers free, uncapped WiFi? Well, just because it’s an establishment you trust, doesn’t mean the network can be trusted. Public WiFi literally means anyone can access it – including hackers who can see everything you’re doing, accessing any personal information as you enter it into your phone.
So how do they do it?
One way hijackers access your phone through public WiFi is through a process called “Man-In-The-Middle” (MITM), which is when a third party interrupts communications between two participants, your smartphone and a server. Instead of data being shared directly between you two, that link is broken by another element – the hacker. The uninvited hijacker then displays their own version of a site, adding in their own messages. Anyone using public WiFi is especially vulnerable to an MITM attack because the information being transmitted is often unencrypted, leaving your passwords, addresses and private messages exposed.
What to do: Use public WiFi, but safely
For the most part, accessing websites that start with “https” means that the data exchange between you and this website is encrypted. You can also use public WiFi in a safer way, such as turning off your file sharing and AirDrop options for iPhones, turning your WiFi off completely when you leave the connected area, only using public WiFi to check social media or blog updates (instead of doing your online banking), and if you already have anti-virus malware installed on your device, keep it updated to ensure any baddies who want to access it can’t.
Don’t let a stranger use your phone for a call
Believe it or not, it’s that quick. Someone can corrupt your smartphone or access your personal data within a few seconds of having it – all they need to do is copy-paste a link into your browser and your data is toast. We know it’s difficult to decipher who is a hacker or not because bad people come in all shapes and sizes, however, you’re going to have to trust your instinct when a stranger asks you to use your phone for a call.
Traveling Paris? So, you’re standing in front of the Eiffel Tower with a friend and at, some point, you’re going to want a full-length photo of your trip for your Insta page. What do you do? You ask a total stranger to stand a good 5 metres away from you to capture the moment. You don’t know it but you’ve potentially handed your phone to a hacker – so how can you avoid it and still get your photo? Luckily, you can still take a shot with your screen locked, so make sure you hand your phone over on lock screen mode. (Another cool tip: Taking a pic on lock screen mode also means the photographer can’t see the last photo you took that’s often displayed in the bottom left corner.
See above: The left photo shows access to your camera if your lock screen is not activated. The right photo shows that no access is given.
So how do they do it?
So, you’ve handed over your phone to a stranger, possibly without the lock screen activated. Renowned hacker and author of “The Art of Invisibility” Kevin Mitnick says that if a hacker has physical access to your phone like the aforementioned scenario, all they need to do is open your browser, type in ‘FlexiSPY.com’, down the software, and they will have access to your messages, photos, they can overhear your phone calls, and be notified of your location at any given time. Mitnick suggests always having the latest version of iOS and GoogleOS and a strong digitized password.
Speaking of cameras, how they can they be used to spy on you?
It says a lot when Facebook CEO Mark Zuckerberg and former FBI Director James Comey uses tape over their laptop cameras to stop hackers from spying on them. Think they’re being paranoid? They’re not. Digital Spy reports that the most common way hackers gain access to your microphone or FaceTime camera is through the use of Trojan horse malware that can be downloaded to your phone through something as simple you downloading a song, clicking a link, opening an email or any “innocent-seeming” activity. The malware lets hackers take control of your device, and can give them access to your camera – a very scary thought.
How to avoid this: Use a 6-digit password instead of four
From the good old ‘1,2,3,4’ to birth dates and anniversaries, 4-digit passwords just aren’t bringing it hard enough anymore. You’ve got to up your game with a 6-digit password! A longer, more complex password makes it harder for strangers and hackers alike to access your phone – just don’t complicate it so much that you constantly forget. You can also use a fingerprint or facial recognition login process, however, a digitized password is safer as your face or finger could be used against your will. Those hackers will need the tools of a Russian election meddler to get into your phone!
You could also: Use two-factor authentication for logins
Going through two steps to log into your banking app may sound unnecessary, but with such important personal information stored there, we can’t stress how necessary it actually is. Android phones have a fantastic feature that allows you to lock individual apps – so if anyone does get passed your lockscreen, they will have to encounter a second line of defense by entering another password. For iPhones, you can lock certain notes in your ‘notes’ app, such as passwords, card information and more, allowing only someone with the password to access it.
Don’t be the person who clicks a link from dodgy emails and SMSes
If receive an inbox message from your LinkedIn profile from a profile proposing a business venture, or, if you receive an SMS offering to increase your credit card limit by simply giving a few of your personal details, trust the voice inside of your that tells you opening it is not trustworthy.
Hackers and scammers are able to steal your identity, credit card information and even your home address just by you clicking on that link. A July 2018 report on Independent Online has warned Absa bank users of a new email scam doing the rounds that’s taking advantage of the company’s new logo design to catch customers. The email says it’s from Absa CEO Mario Ramos, however, it uses a “email@example.com” address. The email invites you to check out the bank’s new PDF email statements, which is actually a link to a phishing scam website. “Once they have won your trust, they will then request sensitive information such as your card PIN, card CVV or online banking password. It is important to note that Absa will never contact customers and request sensitive information,” said the real Absa in a statement.
Android phones can sometimes be more susceptible to dodgy messages that come through apps, however, the App Store for iOS users offers total protection in this regard.
So how do they do it?
There’s a new text message scam called “smishing” that let’s thieves access your smartphone just by sending you a text message or email that sounds perfectly legit. For example, an SMS might pose as your bank letting you know that money has come out of your account, followed by a link or number to call if it wasn’t you. If you click the link or call the number, hackers will be able to access more of your person info. Unfortunately, you can’t stop smishing messages from being sent to your phone – but you can stop yourself from falling for them.
Haven’t updated your operating system?
We know those constant messages asking you to update your software are annoying, however, they serve a larger purpose. Software developers often upgrade the security measurements on a phone which each new update, even if it’s just a small change. Not keeping up to date leaves your phone open to hackers who are advanced enough to access your phone through flaws in the system thanks to a lack of updating.
If you’re an Apple user, connect your phone to WiFi, go to Settings, then General, then Software Update. However, if you’re an Android user, it’s a little more complicated as not all Android manufacturers release their monthly updates. Security software then becomes more important for Androids.
So how do they do it?
A July 2018 report in The Guardian spoke about a fault in the Bluetooth encryption process that smartphone makers didn’t fix or notice until recently. Apple, Google and Intel’s hardware are among those at risk if not updated immediately, according to the Computer Emergency Response Team (CERT) in the US. The flaw arises from a missing check on keys while data is encrypting. These are the “keys” that your device and the one you’re pairing with exchange to lock down communications so that outsiders can’t understand or steal the data you’re transmitting. Apple and Google are aware of the mistake and have corrected it in iOS 11.4 and ChromeOS and Android, so ensure your phone is updated!