IT Services – Kansas City

Common Scams Targeting Mobile Devices

          Nowadays, the vast majority of American citizens have cell phones or some other sort of mobile device, such as a tablet. In the technology-based society that we live in today, it is hard to navigate day-to-day life without one. With the convenience of small devices that can go everywhere, more and more activities that would typically have been conducted on a computer are now handled on mobile devices instead. Hackers take advantage of this fact by specifically targeting mobile devices with their scams. Many people store sensitive information like passwords or credit card numbers on their phones, which makes obtaining that info the main goal for many scammers. Others may contact you by email or phone call and attempt to trick you into handing over your data. Overall, since mobile devices are one of the most popular and most used types of devices out there, they often become the target of a wide variety of scams that you need to be on the lookout for.

Email Phishing and Smishing

          You’ve probably heard of phishing and smishing scams before and may have even seen some first-hand. Phishing is one of the most common methods that scammers use to gain access to sensitive information. Phishing is the practice of sending fraudulent communications to unsuspecting users that appear to have originated from a reputable source. Scammers may mimic logos, slogans, or other things commonly associated with a reputable brand, effectively disguising their fraudulent message. Many phishing attempts happen over email, where a scammer will send an email that appears to be from a reputable person or brand and that somehow tricks the user into giving out their information.

          For example, an email might be sent to a user that appears to be from their electric company that says they have a balance due and asks them to input their credit card information in order to pay. Or, an email might be sent that appears to be from Walmart asking you to verify your information for a rewards account. These emails can be hard to spot because, sometimes, scammers will go to great lengths to hide any clues that the email is fraudulent. It is important to always check the email address that the email was sent from to make sure it is legitimate, check for any spelling or grammatical errors within the email content, and never click on links that you do not know are legitimate.

          Another common type of phishing is known as smishing. Also known as text phishing or SMS phishing, it operates similarly to email phishing, just through text messages. If you have ever received a random text from an unknown number saying that you have won a prize, that you have a balance due on an account, that you should complete a survey, that you have a trackable package on the way, etc., then you have almost certainly seen smishing in action. In a smishing attack, a scammer posing as someone else will send a fraudulent text message that contains a malicious link. Once the victim clicks on the link, it may lead to a fraudulent website, download malware onto their device, prompt them to input login or credit card information, and more. In the end, it is important to never interact with emails or text messages that you do not know are legitimate.

Vishing

          Vishing, or voice phishing, is another type of phishing scam that particularly targets mobile devices. In a vishing attack, a scammer will call their victim claiming to be someone else in an attempt to steal the victim's information. In all forms of phishing scams, attackers will usually try to incite strong emotions in their victims through manipulation and scare tactics, and vishing scams are no exception. Though these scams, like email and text phishing scams, can come in many forms, some common examples of vishing scams are tech support scams, family emergency scams, and student loan/debt relief scams.

          In a tech support scam, a scammer will call an individual posing as tech support for a certain company. Once the victim buys into it, the scammer will ask them for login information, credit card numbers, or any other form of sensitive information in order to ‘fix’ a problem. In a family emergency scam, a scammer will call an individual pretending to be a loved one and tell them that they urgently need help in the form of money or other information. And, in a student loan forgiveness or other form of debt relief scam, a scammer will make a call claiming to be from an organization that can help you with your debts. After they have tricked you into believing that they are trustworthy, they will then steal your information.

For more information on the different types of phishing scams, see our article: Most Common Types of Phishing Scams

Fraudulent/Look-Alike Apps

          Like fraudulent/look-alike websites, scammers are now also creating look-alike mobile device applications. In order to trick innocent mobile app users, scammers will create fake apps that look and function like legitimate apps. For example, when OpenAI’s ChatGPT chatbot was first released online, it did not have an official app. Scammers took advantage of this by creating apps that appeared to be ChatGPT. Unsuspecting victims downloaded the fraudulent ChatGPT apps onto their phone believing that they were getting the legitimate ChatGPT, when really, they were downloading a fraudulent app.

          Fraudulent apps can be scarily similar to the legitimate apps, companies, or programs that they might be impersonating. The catch is that these fraudulent apps will ask for login information or in-app purchases where the legitimate apps may not, or may even get your permission to install a malware or spyware program that runs in the background on your phone. Some of the fraudulent ChatGPT apps mentioned above asked users to pay for a subscription, while the legitimate basic version of ChatGPT is free. It is important to pay close attention to the apps that you are downloading. Research the seller, look for obvious duplicates in the app store, and never give out any sensitive information before verifying the legitimacy of an app.

Social Media Scams

          Most people today interact with at least one type of social media, and many people engage with their social media accounts most frequently on their mobile devices. These facts make social media a very attractive target to hackers and scammers. Social media scams can often look similar to smishing scams and often occur via the direct messaging features of social media sites, though they can happen in posts and comment sections as well. One of the most common types of social media scams is the brand ambassador scam, in which a scammer will message an individual claiming to represent a brand and asking them if they would like to be a brand ambassador. Once the victim agrees, the scammer will collect their sensitive information.

          Scammers may also send fraudulent links through direct messaging or include a fraudulent link in a social media post. If you have ever been tagged by a random account in a post or in the comment section of a post that includes a fraudulent link or talks at all about free giveaways, prize money, etc., then you have been the target of an attempted social media scam. Social media is also the place where many romantic/online dating scams happen. In one of the most emotionally manipulative scams out there, a scammer will pose as a love interest to another person online. After getting to know them and gaining their trust, the scammer will then convince their victim to send them money. After being sent the money or other information they were after, the scammer will desert the ‘relationship.’

Two-factor/Multi-factor Authentication Scams

          Many people, in an attempt to protect themselves, have some sort of two-factor authentication (2FA) or multi-factor authentication (MFA) on their accounts that contain sensitive information. 2FA and MFA are both designed to serve as an extra barrier to a hacker that may be attempting to log in to your account. Though there are many different forms of 2FA and MFA, there are a few kinds that are the most common. In one type, when logging into an account that is protected by 2FA/MFA, the user will be prompted on a separate device to approve the login request. In another type, the user will be sent a verification code upon logging in to an account, and that code must be entered on the site that they are logging into. Both types are utilized to verify the identity of the individual logging into an account. Without accepting the request or inputting the code, the user will not be able to log in, which makes it much harder for scammers to access your account without access to the account/device that receives the request/code.

          However, scammers are now figuring out ways to trick people into accepting login requests. In one type of attack, scammers will spam their victim's device with login requests in order to annoy them into accepting the request. Or, scammers may use a combination of several different types of scams to trick you into accepting a request or giving them a code. Sometimes, scammers will initiate a password reset on your device, then contact you and blatantly ask for the code, usually posing as someone else. Either way, never give out a code or accept a request when you are not attempting to log in to an account.

For more information on 2FA/MFA scams see our article: Hackers Are Now Using Irritation to Circumvent MFA

          Additionally, as the holiday season approaches and more people are travelling to visit friends and family, scammers might make more attempts at using things like public charging stations or public Wi-Fi networks to infect people’s devices. For more information, read: FBI Warns Against Using Public Charging Stations
