Be honest; no one's judging you. Have you ever downloaded an app from an unfamiliar website?
Clicked on a link a friend forwarded to your smartphone? Typed your password while you were in line at the café?
If you answered "yes" to any of the above, you were asking for trouble, and you probably didn't realise just how close you came to being another victim of a security breach.
From a security perspective, mobile devices are far riskier than desktops or laptops, and most people frequently, and unknowingly, do things on their mobile devices that make them susceptible to fraud, identity theft, data loss and all kinds of other nasty things.
Therefore, the time is now to grab the reins and take back control. Here are five tips that will help keep you safe in mobilespace and empower you to do more on your mobile gizmos, with greater peace of mind.
1. Know where danger lurks
"Malware" (malicious software) and viruses have moved to the web, but do you know where you're most likely to pick up an infection?
Yes, pornography sites are the most hazardous, according to recent research by Blue Coat Security Labs, but in fact mobile users visit porn sites less than one percent of the time. The high-risk places mobile users visit most frequently include:
- Computers/Technology: Technology sites have lots of downloads and you can never be quite sure what's legitimate. For example, one of the first offers of an Android version of Skype was actually a piece of malware.
- Web advertisements: Cybercriminals have been refining "malvertising" for mobilespace. Recently, for example, an ad for an Angry Birds download was a malicious app that actually made premium SMS calls and then billed people without their knowledge.
- Entertainment sites: Games and gambling sites are popular destinations for mobile users, and equally popular with purveyors of malware, "phishing" exploits, and bogus downloads such as PDFs or browser updates.
- Search engines: As search engines become more widely used in mobilespace, search engine poisoning (SEP) tactics are becoming increasingly prevalent. In SEP, cybercriminals hijack search engine results to lure users to malware by pretending to offer content relevant to their searches.
2. Click with care
The mobile webscape is filled with ads, offers, promotions and weblinks, and there's no easy way to tell which are genuine and which aren't. You can't even tell by looking at the URL; for example, the Yammer mobile app has a different URL than the web-based version, but both are legitimate.
Many tempting offers even duplicate the look and feel of legitimate sites, but are designed to deliver malicious payloads that steal your personal information. So when surfing the net on your phone, be careful what you click. If you're not sure where a link will lead you, don't go there.
3. Beware of shoulder surfing
When you type your password on a desktop computer or a laptop, the characters you type are usually masked with asterisks, dots, or something similar.
However, when you type your password on a mobile device, the characters are often not only visible, but highlighted. This is because mobile screens are small and people want to confirm that they've entered the password correctly before they proceed. That's why shoulder surfing, which simply means looking over someone's shoulder to steal their password, is an increasingly popular low-tech tactic used by identity thieves.
4. Stick to the app store
The mobile web is loaded with offers of free app downloads, most of which are legitimate; however, many of them are not. Some are so-called "drive-by download" exploits that embed viruses, spyware, or malware onto your mobile device.
So, how can you tell the difference? For all practical purposes, you can't. The URL may look suspicious but may actually be legitimate; it may look legitimate and actually be fake. The best policy for apps is to avoid downloading from sites that are mobile-only or that are littered with ads. In general, download apps only from trusted app stores. After all, you wouldn't buy Microsoft Office from a back alley store in the bad part of town.
5. Don't swallow phish bait
"Phishing" scams try to trick people into surrendering private information by pretending to be a legitimate enterprise. For example, you get an email that looks like it's from eBay, claiming that your account is about to be suspended unless you click a link and update your credit card information.
As a tactic, phishing is far more productive than spam in the mobile arena. So what can you do to protect yourself?
First, be informed. Banks, credit card companies, Her Majesty's Revenue and Customs (HMRC), and other legitimate institutions will never communicate with you and request information that way. If you're unsure, call them directly.
The same goes for warnings of an impending "computer crash" that will happen if you don't click, or claims that you've won money, or that your password has been compromised.
Be skeptical and don't bite.
Chris Pace is the director of Product and Solutions Marketing for Blue Coat Systems