Mobile cybercrime is spreading – how do we stay one step ahead?
“Houston, we have a problem”. Astronaut John Swigert used those words to describe a life-threatening fault during the moon flight in 1970. While not exactly of the same magnitude, this phrase also summarises the growing problem we face with the spread of mobile cybercrime in today’s connected world. This continues to drive the on-going efforts by online security experts and vendors around the world to help consumers understand mobile risks and how these risks can impact the security of their personal information.
Most of us have been lucky enough not to be victims of any crime. While we might think that it will never happen to us, the reality is that we are all highly susceptible to crime, albeit of a different nature – mobile cybercrime.
With the Norton Cybercrime Report 2012 finding that one in five Singaporeans had been a victim of social or mobile cybercrime in the past year, there is no better time to draw some parallels between a physical and a digital crime scene. Put on your crime scene investigator hat and you might realise just how vulnerable your mobile devices are to a cybercriminal’s attack, and how similar the scene of a break-in is to when your mobile device has been compromised.
Similar in characteristic but not in scale
In the case of house burglaries, break-ins are often the result of a lack of security or misplaced trust. Would-be thieves could gain access via simple lapses in security - a window left unlocked or an unrepaired hole in the fence. They might also pose as people we trust, giving us a false sense of security as we willingly grant them full access to our valuables, not knowing of their malicious plans and ulterior motives. Such crime scenes leave little or no trace of any illegal activity. Even the point of entry might be good as new – especially in situations where we ourselves let the thieves in.
What I’ve just described is exactly what happens in the case of mobile cybercrime. In an increasingly common scheme to undermine mobile security, cybercriminals use fake applications to retrieve sensitive information or exploit security loopholes – leaving little trace of their presence on your device. This has most recently taken the form of fake apps that steal personal information, including contact details and information. These fake apps, once downloaded, will steal your information and share them directly with cybercriminals. While easy to remove - via uninstalling the app - the damage is done the moment the app is installed. In a recent case, it was estimated that within the first two weeks of a fake app store being setup, up to 450,000 pieces of personal data was stolen from smartphones.
Another form of such malware is mobile adware, or "madware". Similar to malicious apps, madware sneaks onto a user's mobile device once they have downloaded an app, and sends personal information back to cybercriminals - making use of the location and device information being collected by authentic apps. What is perhaps most disturbing is the potential for rapid growth that these apps have. Unlike burglars, who face increased risk of being caught if they commit the same crime repeatedly, these malicious mobile apps are able to spread quickly and viciously across a network, shared and promoted to friends by unsuspecting users.
Why are mobile users falling prey to simple schemes? Taking a closer look, the Norton Cybercrime Report 2012 revealed that one in three Singaporeans do not understand the risk of cybercrime or how to protect themselves, with three in five Singaporeans not using any form of mobile security. This general lack of awareness towards the dangers and risks is compounded by the fact that cybercriminals are increasingly shifting their attention to mobile devices and social networks, emphasising the need for Singaporeans to take charge of their mobile safety.
“Cybercriminals are developing malicious apps to take advantage of the popularity of mobile devices to surf the Internet. In 2012, an estimated 84 percent of Singaporeans accessed the Internet on their mobile phones. With such a high number of mobile Internet users, it is vital for Singaporeans to be aware of the threats present on mobile devices, and take the necessary steps to keep themselves safe,” advised Effendy Ibrahim, Norton Internet Safety Advocate & Director, South Asia, Norton by Symantec.
The fundamentals of mobile safety
So how do we enhance our mobile safety? Here are some simple things you can do to boost the security of your mobile devices – similar to how you would keep your home safe from burglars:
1. Only download apps from app stores you trust- just as how you would not allow strangers or shady characters into your homes, do not allow suspicious apps to gain access to your mobile device.
2. Do not click on unsolicited links from unknown sources– home-owners are usually cautious of door-to-door salesmen that offer great deals; you should be cautious of similar offers you might receive on your mobile device.
3. Be aware of what information your apps are sharing with others, and adjust your security settings – you would not be comfortable if strangers had a free view of all the rooms in your house; secure your phone the same way you would your home.
4. Use the latest security software and update your apps regularly– cybercriminals are constantly developing new threats to bypass outdated security patches, stay updated to stay safe.
It’s important to remember that your mobile devices are constantly connected to the Internet, meaning that you are constantly exposed to mobile dangers. While following these simple tips will give you an advantage against cybercriminals, the best way to stay safe is to make sure that when you are connected on your mobile devices, do so in a safe manner that will keep your personal information secure.
Android.Exprespam Potentially Infects Thousands of Devices, Symantec Security Response Blog, http://www.symantec.com/connect/blogs/androidexprespam-potentially-infects-thousands-devices
Norton Cybercrime Report 2012
The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.
Do you know more about this story? Contact us anonymously through this link.
Effendy Ibrahim is Veeam Software vice president for Asia & Japan, responsible for P&L, revenue targets, regional growth, as well as all marketing programs and activities across both customers and channel partners, from small businesses to enterprises.