An e-mail with the request to “Please click here to confirm your data” or a fake landing page – these are the types of tricks scammers repeatedly use in their attempts to steal sensitive user data. So-called phishing is and remains one of the greatest security risks of the digital era.
Phishing /ˈfɪʃɪŋ/: The name is derived from the word fishing, i.e. angling. The bait is a bogus landing page, e-mail or text message. One very common trick, for example, is an e-mail informing the user that their account information and access data (e.g. user name and password) are no longer secure or up-to-date, and that they need to change them following the link in the e-mail. However, the link doesn’t lead them to the original page of the relevant service provider (e.g. the bank), but to a website that has been set up by the scammer.
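The link trick described above can be checked for mechanically on the receiving side. The following is an added example, not part of the original article: it extracts the links from an HTML e-mail body and flags those that point away from the provider's real hosts or whose visible text names a different host than the link target. The provider domain `examplebank.test`, the `TRUSTED_HOSTS` list and the sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the hosts the (hypothetical) provider really uses.
TRUSTED_HOSTS = {"examplebank.test"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML e-mail."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Exact host or a true subdomain; a trusted name used as a prefix does not count.
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def suspicious_links(html_body):
    """Return [(href, [reasons])] for web links that do not lead where they claim to."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # this sketch only looks at web links
        host, reasons = parts.hostname or "", []
        if not is_trusted(host):
            reasons.append("untrusted-host")
        shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        if shown and shown.group(1) != host:
            reasons.append("text-href-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message: the first link shows the bank's name but leads elsewhere.
SAMPLE = ('<p>Dear customer, your access data is no longer up to date.</p>'
          '<a href="https://examplebank.test.account-check.example/login">www.examplebank.test</a>'
          '<a href="https://www.examplebank.test/help">Help</a>')
```
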
In a regular office environment, the security officer can control attacks by using high-performance network security measures. However, we usually don’t have these on mobile devices.
So yes, phishing is probably the most dangerous attack method on mobile to date. And it is also far more complex for the user to identify a fake website or app on a mobile device, which heightens the risk even further.
Yes, unfortunately they do. While phishing e-mails are the most frequent channel used to propagate phishing attacks, other methods have now been developed, such as attacks via text messaging or Facebook messages. And this is especially insidious, as the victims are convinced they are communicating with a friend and don't suspect anything untoward is happening. They follow the link that the supposed contact has sent and fall straight into the trap.
On the other hand, scepticism now tends to be somewhat greater. The biggest danger is that new phishing methods are constantly being developed.
The main threat is in WiFi networks, because it’s especially easy to place fraudulent landing pages there. And to reach them, you don’t even have to click on a link that you might judge to be dangerous. In addition, special equipment can be used to read the data of all users located in the same network.
In the first place, they need to have a sensible password policy. Users should not just use a secure password but, ideally, a different password for each platform. In case of misuse, this prevents criminals from being given access to a wide range of sensitive data.
If possible, companies should look to two-factor authentication, which, in addition to the input of user data, also requires a second step, for instance a text message code to be entered that is sent to the user’s cell phone. This raises security for an account enormously.
Secondly, in addition to a smart password policy, there are also a number of different solutions that support device security and guarantee protection for company data in the event of misuse.
Companies should seek to ensure the security of their mobile fleet across the board. It is advisable, for example, to implement Enterprise Mobility Management, or EMM for short, that can manage all mobile devices. It can be used to enforce security standards – for example the password requirements described above – and to protect company data in the event of attack.
Container solutions, which separate company data and apps from other data, also offer the possibility to delete sensitive data from a device in the event of a cyberattack. There are also several special solutions that can help you to take preventative measures against app, web, device and network-based threats, to detect mobile attacks and to take countermeasures in case of an attack.
Additionally, they can help to block malicious destinations before a connection is established, monitoring login data and warning the user immediately in the event of misuse. In the past, we could only rely on employee awareness to avoid mobile phishing attacks, but these days we have technology to help us prevent such incidents from happening.
As a basic rule, always be alert. Any e-mail or text message calling on you to open a link and enter your data is more than just a little suspicious. For this reason, always navigate to a website via your browser, and only then log in to be certain that you are accessing the right address. Also make sure the page is encrypted; if https is in the web address, it's a secure connection.
A common indication of a phishing e-mail is also in the way you are addressed. Since these e-mails are sent out as mass mailings, you will often just see a generic salutation. Your bank would know your name and use it to address you.
It’s not so much a question of protecting yourself but more one of avoiding public WiFi networks. If this is not possible, people should avoid using sensitive platforms when logged into a public WiFi network – such as online banking portals, for example.