{"id":31987,"date":"2024-08-31T10:50:03","date_gmt":"2024-08-31T10:50:03","guid":{"rendered":"https:\/\/goodwriterz.com\/site\/?p=31987"},"modified":"2024-08-31T10:50:03","modified_gmt":"2024-08-31T10:50:03","slug":"why-cyber-criminals-love-phones","status":"publish","type":"post","link":"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/","title":{"rendered":"Why Cyber Criminals Love Phones"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >\u062c\u062f\u0648\u0644 \u0627\u0644\u0645\u062d\u062a\u0648\u064a\u0627\u062a<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#The_Smartphone_As_a_Target\" title=\"The Smartphone As a Target\">The Smartphone As a Target<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#Apps_and_Data_Leaks\" title=\"Apps and Data Leaks\">Apps and Data Leaks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#Choose_Your_Phone_Brand_Carefully\" title=\"Choose Your Phone Brand Carefully\">Choose Your Phone Brand Carefully<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#Smishing_Attacks\" title=\"Smishing Attacks\">Smishing Attacks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#Loss_of_Devices\" title=\"Loss of Devices\">Loss of Devices<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#SIM_Swapping\" title=\"SIM Swapping\">SIM Swapping<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#Public_Wi-Fi_and_Network_Spoofing\" title=\"Public Wi-Fi and Network Spoofing\">Public Wi-Fi and Network Spoofing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#Its_a_Computer_So_Patch_It\" title=\"It&#8217;s a Computer, So Patch It\">It&#8217;s a Computer, So Patch It<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/#Dont_Forget_the_Users\" title=\"Don&#8217;t Forget the Users\">Don&#8217;t Forget the Users<\/a><\/li><\/ul><\/nav><\/div>\n<div>\n<p> Safeguarding your data by protecting your computers? Great. Don&#8217;t forget the one in your pocket that you make calls on. Smartphone cybercrime figures increase every month. And that&#8217;s really no surprise. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":0,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":0,\"nbrPlacementsScanned\":0,\"ruleCount\":200,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":204} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":1,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":1,\"nbrPlacementsScanned\":0,\"ruleCount\":200,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":200,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><br \/>\n<!-- No winning ad found for zone: below first paragraph! --><br \/>\n<!-- No winning ad found for zone: native in content! --><\/p>\n<h2 id=\"the-smartphone-as-a-target\"><span class=\"ez-toc-section\" id=\"The_Smartphone_As_a_Target\"><\/span> The Smartphone As a Target <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> Some cyberattacks are targeted at a specific individual or company. The victim is selected because they are a high-value target to the threat actors.\u00a0High value\u00a0most often means rich financial gains for the threat actors. But sometimes their goal is to exfiltrate sensitive or private documents, intellectual property, or industrial secrets. Occasionally, the entire motive is to cause trouble for the victim. Hacktivists, for example, will try to destroy the victim&#8217;s IT systems and information. They want to cause operational and reputational damage to the victim. High value doesn&#8217;t always mean money. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":1,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":1,\"nbrPlacementsScanned\":1,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":608} --><\/p>\n<p> Often the attackers are sophisticated\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Organized_crime#Cybercrime\">organized crime<\/a>\u00a0cyber groups or state-sponsored\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_persistent_threat\">advanced persistent threats<\/a>\u00a0groups (APTs). Many of the attacks they launch are against knowledgeable, well-defended targets, and are very difficult to accomplish. They require significant financial backing, top-tier technical skills, a lot of manpower, and operational guidance and control. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":1,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":1,\"nbrPlacementsScanned\":1,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":990} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":2,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":2,\"nbrPlacementsScanned\":1,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p> The recent attack on\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.fireeye.com\/\">FireEye<\/a>\u00a0is a case in point. The attack\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/edition.cnn.com\/2020\/12\/08\/tech\/fireeye-cyberattack\/index.html)\">was so sophisticated<\/a>\u00a0that investigators believe the perpetrators are a state-sponsored APT. The value, in this case, was stealing the software tools that FireEye uses to probe its customers&#8217; cyber defenses. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":2,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":2,\"nbrPlacementsScanned\":2,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":272} --><\/p>\n<p> By contrast, other cyberattacks try to snare as many victims as possible. No individual target is singled out. The threat actors are playing a numbers game. The more shots at goal they have the more often they&#8217;ll score. So it is inevitable that their attention has turned to cellphones. The numbers are staggering. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":2,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":2,\"nbrPlacementsScanned\":2,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":588} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":2,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":2,\"nbrPlacementsScanned\":2,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":738} --><\/p>\n<p> With that size of a target, it is inevitable that cybercriminals are using and developing attacks to compromise phones and monetize their efforts. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":2,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":2,\"nbrPlacementsScanned\":2,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":886} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":2,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":2,\"nbrPlacementsScanned\":2,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":886} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":886,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":14,\"nextBlockCount\":307,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1193} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":2,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":2,\"nbrPlacementsScanned\":2,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":3,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":3,\"nbrPlacementsScanned\":2,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<h2 id=\"apps-and-data-leaks\"><span class=\"ez-toc-section\" id=\"Apps_and_Data_Leaks\"><\/span> Apps and Data Leaks <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> Phones can run apps. It&#8217;s one of their biggest attractions. They&#8217;re easy to install and the majority are free. Unfortunately, they can be a cause of data leakage. The developers of the apps need to make money. If they are not charging for the app you have to ask yourself how are they funding development. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":3,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":3,\"nbrPlacementsScanned\":3,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":293} --><\/p>\n<p> The answer is probably by selling information about you, such as your phone and app usage statistics, your contacts, communications, browsing habits, geographical location, your installed apps, and more. The worst examples of these apps will also capture login credentials and passwords for websites you visit, VPNs that you use, and so on. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":3,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":3,\"nbrPlacementsScanned\":3,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":635} --><\/p>\n<p> Riskware is the name used for free apps that offer to do something entertaining or useful&#8212;and actually deliver on that promise&#8212;but secretly siphon off information and send it back to the app publishers to be sold to advertisers or criminals.\u00a0Riskware is different from a phone becoming infected with covert malware. With riskware, the owner of the smartphone chooses to install the app and is aware that it is going to be added to their device. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":3,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":3,\"nbrPlacementsScanned\":3,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":1086} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":4,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":4,\"nbrPlacementsScanned\":3,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p> With the steady blurring that is happening between people&#8217;s personal digital lives and their corporate digital lives, most users will be able to get their personal and their business email on the same phone, and it is common for people to juggle multiple inboxes on the same device, often in a blended view.\u00a0Riskware, or other more malicious apps, will happily harvest data whether it is personal or corporate. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":4,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":4,\"nbrPlacementsScanned\":4,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":413} --><\/p>\n<p> Staff who haven&#8217;t been issued with a corporate phone will have a private phone, and they&#8217;ll bring it to their place of work and want to connect to the Wi-Fi. Personal phones should be relegated to the guest Wi-Fi or to another Wi-Fi segment set up for employees&#8217; personal devices. They must not be allowed to connect to the main network. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":4,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":4,\"nbrPlacementsScanned\":4,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":752} --><\/p>\n<p> To govern which apps can be installed onto corporate devices you can use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Mobile_device_management\">mobile device management<\/a>\u00a0(MDM) software. This allows you to establish allow lists and deny lists of apps, to track the location of stolen phones, and to remotely wipe them if required. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":4,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":4,\"nbrPlacementsScanned\":4,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":1012} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":5,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":5,\"nbrPlacementsScanned\":4,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p> MDM systems can block known bad apps and query unknown apps. Once vetted, the apps are either permitted or blocked. The hard part is to do this in a way that doesn&#8217;t overwhelm technical staff and that doesn&#8217;t grate on your users. A centralized management system and clear guidance provided when the phone is allocated will help on both fronts. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":5,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":5,\"nbrPlacementsScanned\":5,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":345} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":5,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":5,\"nbrPlacementsScanned\":5,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":345} --><\/p>\n<h2 id=\"choose-your-phone-brand-carefully\"><span class=\"ez-toc-section\" id=\"Choose_Your_Phone_Brand_Carefully\"><\/span> Choose Your Phone Brand Carefully <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/uk.reuters.com\/article\/us-usa-china-contracting\/u-s-federal-contract-ban-takes-effect-for-companies-using-products-from-huawei-others-idUKKCN25928Y\">well-documented ban<\/a> prohibiting US federal contracts from being awarded to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.huawei.com\/en\/\">Huawei<\/a> and several other Chinese companies is based on suspicions that the Chinese government could&#8212;using provisions in China&#8217;s 2017 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/uk.reuters.com\/article\/us-china-security-lawmaking\/china-passes-tough-new-intelligence-law-idUSKBN19I1FW\">National Intelligence Law<\/a>&#8212;coerce manufacturers to plant back-doors and other spycraft mechanisms into their products. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":5,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":5,\"nbrPlacementsScanned\":5,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":680} --><\/p>\n<p> <span class=\"related-single\">Related: The Best Android Phones of 2023<\/span> <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":5,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":5,\"nbrPlacementsScanned\":5,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":722} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":722,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":178,\"nextBlockCount\":474,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1196} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":5,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":5,\"nbrPlacementsScanned\":5,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":5,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<p> That may be a clear and present threat, but government-sanctioned backdoors aren&#8217;t the only type of built-in snooping techniques that can find their way into devices right at the factory.\u00a0 A recent case saw <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.indiatoday.in\/technology\/news\/story\/gionee-found-guilty-of-infecting-20-million-of-its-phones-with-malware-to-profit-from-users-1747111-2020-12-06\">four Chinese nationals<\/a>\u00a0involved with Chinese budget phone manufacturer Gionee sentenced for doing just that. It wasn&#8217;t motivated by loyalty to the state&#8212;or from fear of reprisals for not complying with government orders&#8212;it was a simple case of financial gain. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":296} --><\/p>\n<p> Xu Li, the legal representative of Gionee subsidiary Shenzhen Zhipu Technology colluded with Zhu Ying the deputy general manager of Beijing Baice Technology, and two of Beijing Baice&#8217;s software developers to install a version of the Story Lock Screen app that was a trojan app. It downloaded and installed a powerful software development kit (SDK) that allowed them to control the phones once they were infected. Over 20 million phones were compromised in this way. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":763} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":763,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":137,\"nextBlockCount\":417,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1180} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":6,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":6,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":6,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<p> There is no evidence that Gionee was aware or involved. It appears to have been a supply chain attack perpetrated by insiders in the supply chain. In just under a year the two companies made over USD 4.25 million by sending adverts to the phones. Being the victim of adware is bad enough, but the same techniques could be used to deploy more insidious strains of malware such as keystroke loggers and other spyware. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":280} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":280} --><\/p>\n<h2 id=\"smishing-attacks\"><span class=\"ez-toc-section\" id=\"Smishing_Attacks\"><\/span> Smishing Attacks <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> Phishing attacks are fraudulent emails that masquerade as emails from well-known organizations. They are designed to coerce the recipient into performing some action to the benefit of the threat actors. Usually, this means opening an attachment or clicking a link. The aim might be to infect the victim&#8217;s computer with malware or to try to harvest login credentials. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":648} --><\/p>\n<p> Smishing attacks are phishing attacks delivered by SMS message instead of email. This delivery method has several advantages for the threat actors: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":797} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":797,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":103,\"nextBlockCount\":1227,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":2024} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":7,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":7,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":8,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":8,\"nbrPlacementsScanned\":7,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<ul>\n<li> They don&#8217;t need to dress the message in the colors, fonts, and other trappings of corporate livery to make it look convincing. <\/li>\n<li> People expect SMS messages to be short and sweet. They don&#8217;t expect to be told the entire story in the SMS. It is commonplace to click a link in an SMS to learn more and to get the finer detail. <\/li>\n<li> People will more readily overlook poor grammar and misspellings in an SMS message. We&#8217;re all used to predictive text mishaps and while this shouldn&#8217;t happen in a corporate SMS message, that conditioning makes us more forgiving with that type of error than we would be in a corporate email. <\/li>\n<li> In the space-restricted world of SMS messages, shortened URLs are the norm. And shortened URLs can be used to hide the real destination of the link. <\/li>\n<li> It is easy to fake&#8212;or spoof&#8212;the number that sent an SMS message. If you receive an SMS from a telephone number that matches a contact in your address book, your phone will believe that is who sent it. The SMS messages will be identified as having come from that contact and they will be placed in the conversation list for that contact, alongside all of the genuine messages from that contact. All of that adds to the illusion that the message is genuine. <\/li>\n<\/ul>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":8,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":8,\"nbrPlacementsScanned\":8,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":1124} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":9,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":9,\"nbrPlacementsScanned\":8,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p> End-point protection suites usually have clients for cellphones, and these will go some way toward preventing malware installations. The most effective defense. of course. is to train your staff to be aware of smishing, to recognize fraudulent messages, and to delete them. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":9,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":9,\"nbrPlacementsScanned\":9,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":275} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":9,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":9,\"nbrPlacementsScanned\":9,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":275} --><\/p>\n<h2 id=\"loss-of-devices\"><span class=\"ez-toc-section\" id=\"Loss_of_Devices\"><\/span> Loss of Devices <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> Losing a phone puts a tremendous amount of information about the owner of the phone at risk. If the phone has <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cnbc.com\/2018\/10\/12\/kanyes-iphone-password-is-00000-heres-how-to-keep-your-phone-safe.html\">a poor password or PIN<\/a>\u00a0it won&#8217;t take long for the threat actors to discover it. PINs based on significant dates are a poor choice. Clues to the dates can be often be found in your social media posts. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":9,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":9,\"nbrPlacementsScanned\":9,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":587} --><\/p>\n<p> Using a strong password or PIN and turning on encryption are good measures to protect the data&#8212;both personal and corporate&#8212;inside your phone. Installing or configuring tracking options is a good idea so that you can see the location of the device. This can aid recovery. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":9,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":9,\"nbrPlacementsScanned\":9,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":863} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":863,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":37,\"nextBlockCount\":235,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1098} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":9,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":9,\"nbrPlacementsScanned\":9,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":10,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":10,\"nbrPlacementsScanned\":9,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<p> If you have added a Google account to your phone, Google&#8217;s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/support.google.com\/accounts\/answer\/6160491?hl=en\">Find My Device<\/a> should be turned on automatically. Apple has a similar service called <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/support.apple.com\/en-gb\/guide\/icloud\/mmfc0ef36f\/icloud\">Find my iPhone<\/a>.\u00a0A third-party centralized system might better suit some corporate needs. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":10,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":10,\"nbrPlacementsScanned\":10,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":198} --><\/p>\n<p> The ultimate sanction is to remotely wipe the device. This requires Mobile Device Management software (MDM). You may already have some available to you. If your company uses Microsoft 365 for example, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/admin\/basic-mobility-security\/set-up?view=o365-worldwide\">basic MDM is provided<\/a> for you. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":10,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":10,\"nbrPlacementsScanned\":10,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":431} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":10,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":10,\"nbrPlacementsScanned\":10,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":431} --><\/p>\n<h2 id=\"sim-swapping\"><span class=\"ez-toc-section\" id=\"SIM_Swapping\"><\/span> SIM Swapping <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> You don&#8217;t need to lose your device to lose control over it.\u00a0When you buy a new phone you can transfer the existing number to the new device and activate that as your current &#8216;live&#8217; handset. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":10,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":10,\"nbrPlacementsScanned\":10,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":623} --><\/p>\n<p> If scammers can gather some information about you they can ring your phone provider and have your number transferred to a handset that is under their control, in a sting called SIM Swapping.\u00a0To make the transition to your new phone as smooth as possible, both Apple and Google will download copies of all your apps, settings, and data to the new handset. Unfortunately, it is under the control of the threat actors. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":10,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":10,\"nbrPlacementsScanned\":10,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":1041} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":11,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":11,\"nbrPlacementsScanned\":10,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p> <span class=\"related-single\">Related: How to Protect Yourself From SIM-Swapping Attacks<\/span> <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":11,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":11,\"nbrPlacementsScanned\":11,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":60} --><\/p>\n<p> A variant on this is to use social engineering techniques to obtain a (say) 5G SIM card for the victim&#8217;s phone number, either online or at an outlet. The threat actor then calls the victim and pretends to be from the victim&#8217;s phone provider informing them of a free upgrade to 5G. They tell them that an upgrade code will shortly follow. They then text the victim the activation code that came with the fraudulently acquired 5G SIM card. When the victim activates the service it doesn&#8217;t upgrade their old 4G SIM. Instead, it ceases the service to it and activates the new 5G SIM. The threat actors have effectively cloned your phone. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":11,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":11,\"nbrPlacementsScanned\":11,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":695} --><\/p>\n<p> These are targeted attacks. The victims have something on their phones that makes the effort worthwhile. The most famous cases of these have targeted cryptocurrency traders or individuals with high-value cryptocurrency accounts. Swapping the SMs allow their digital wallets to be accessed. Individual losses have amounted to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cnbc.com\/2018\/11\/21\/hacker-lifts-1-million-in-cryptocurrency-using-mans-phone-number.html\">tens of millions of dollars<\/a>. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":11,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":11,\"nbrPlacementsScanned\":11,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":1050} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":12,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":12,\"nbrPlacementsScanned\":11,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":12,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":12,\"nbrPlacementsScanned\":12,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":0} --><\/p>\n<h2 id=\"public-wi-fi-and-network-spoofing\"><span class=\"ez-toc-section\" id=\"Public_Wi-Fi_and_Network_Spoofing\"><\/span> Public Wi-Fi and Network Spoofing <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> Phones and other mobile devices are great because of their portable nature, and because they let us get online wherever there is a Wi-Fi connection that we can join. But you need to be careful when you are on public Wi-Fi. Everyone who is using that Wi-Fi is on the same network, and the threat actors can use a laptop and some network packet capture and analysis software to snoop on what your cellphone is sending and receiving. So what you might have thought was private is not private at all. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":12,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":12,\"nbrPlacementsScanned\":12,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":498} --><\/p>\n<p> You shouldn&#8217;t use public Wi-Fi if you are going to need to enter a password to log in to one of your sites or to check your email. Don&#8217;t do anything sensitive like online banking or using PayPal or any other payment platform. Don&#8217;t do anything that will reveal any of your personally identifiable information. Checking the sports scores or catching up on the news is fine. If you&#8217;re doing anything else, you should always use a Virtual Private Network (VPN). A VPN sends your data down a private encrypted tunnel making it impossible for threat actors to see. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":12,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":12,\"nbrPlacementsScanned\":12,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":1059} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":13,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":13,\"nbrPlacementsScanned\":12,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p> For a couple of hundred dollars, threat actors can buy portable devices that act as Wi-Fi access points (WAPs). They&#8217;ll set up camp in a coffee shop or other public space, and configure their dummy WAP to have a name similar to the genuine free Wi-Fi connection. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":13,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":13,\"nbrPlacementsScanned\":13,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":264} --><\/p>\n<p> Unsuspecting victims&#8212;usually those in a rush&#8212;will connect to the threat actor&#8217;s bogus Wi-Fi instead of the genuine free Wi-Fi. The threat actor&#8217;s Wi-Fi is connected to the genuine Wi-Fi so the victim does get online, but everything that the victim types is captured by the threat actor&#8217;s device. A VPN will keep you safe in this circumstance too. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":13,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":13,\"nbrPlacementsScanned\":13,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":616} --><\/p>\n<p> A reputable VPN is a must if you are going to be using public Wi-Fi for anything other than the most mundane web browsing. Of course, if you have a really high data quota in your phone package you might not need to join a public Wi-Fi at all. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":13,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":13,\"nbrPlacementsScanned\":13,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":860} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":true,\"currentRuleCount\":900,\"actualCount\":860,\"hasActualCountMetThreshold\":true,\"countRemainingForInjection\":40,\"nextBlockCount\":167,\"hasCountRemainingForInjectionMetThreshold\":true,\"nextCount\":1027} --><\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":13,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":13,\"nbrPlacementsScanned\":13,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":900} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":14,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":14,\"nbrPlacementsScanned\":13,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":true,\"actualCount\":0} --><\/p>\n<p> And while we&#8217;re talking about public spaces, avoid publicly shared phone charge points. If they have been compromised they can inject malicious code into your phone. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":14,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":14,\"nbrPlacementsScanned\":14,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":127} --><\/p>\n<p> <span class=\"related-single\">Related: What Is &#8220;Juice Jacking&#8221;, and Should I Avoid Public Phone Chargers?<\/span> <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":14,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":14,\"nbrPlacementsScanned\":14,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":204} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":14,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":14,\"nbrPlacementsScanned\":14,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":204} --><\/p>\n<h2 id=\"it-s-a-computer-so-patch-it\"><span class=\"ez-toc-section\" id=\"Its_a_Computer_So_Patch_It\"><\/span> It&#8217;s a Computer, So Patch It <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> The modern phone is a computer in your pocket that you happen to be able to make calls on. It has an operating system, it runs apps, and you should have some sort of end-point protection suite running on it. All of these should be the current versions and kept patched up to date. <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":14,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":14,\"nbrPlacementsScanned\":14,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":486} --><\/p>\n<p> This can be more of a challenge with Android phone than with other devices. Different handset manufacturers blend their own integrations into vanilla Android before distributing it. Samsung, HTC, Sony, and others all provide their own modifications to Android.\u00a0This slows down the release of Android patches because the patch has to be released to the manufacturers from Google, and then embellished by the third-party manufacturers before it is released to the end users. <\/p>\n<p><!-- Repeatable debug data: {\"injection\":\"before\",\"adPosition\":14,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":14,\"nbrPlacementsScanned\":14,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":961} --><!-- Zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"after\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":14,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"isEarlyInjection\":false,\"actualCount\":0} --><br \/>\n<!-- Repeatable debug data: {\"isEarlyInjection\":false,\"currentRuleCount\":900,\"actualCount\":0,\"hasActualCountMetThreshold\":null,\"countRemainingForInjection\":null,\"nextBlockCount\":null,\"hasCountRemainingForInjectionMetThreshold\":null} --><\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":0} --><\/p>\n<h2 id=\"don-t-forget-the-users\"><span class=\"ez-toc-section\" id=\"Dont_Forget_the_Users\"><\/span> Don&#8217;t Forget the Users <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> Adopt good business practices such as app vetting, deploying encryption, and Mobile Device Management. Provide guidance to your staff so that they know the basic cyber-hygiene for phone usage. Tell your employees to: <\/p>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":218} --><\/p>\n<ul>\n<li> Use strong PINs, passwords, or fingerprint recognition. <\/li>\n<li>Always use a VPN on public Wi-Fi. <\/li>\n<li> Turn off Bluetooth and Wi-Fi when you&#8217;re not using them. <\/li>\n<li> Be careful what apps you download. Research them first. <\/li>\n<li> Turn on backups. <\/li>\n<li> Avoid public phone charge points. Carry a booster battery instead. <\/li>\n<\/ul>\n<p><!-- No repeatable ad for zone: character count repeatable. --><!-- Repeatable debug data: {\"injection\":\"none\",\"adPosition\":15,\"startingPoint\":0,\"skipEvery\":null,\"nbrPlacementFilledEachSkip\":15,\"nbrPlacementsScanned\":15,\"ruleCount\":900,\"degradationStartingPoint\":1,\"stopAds\":null,\"actualCount\":511} --><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Safeguarding your data by protecting your computers? Great. Don&#8217;t forget the one in your pocket that you make calls on. Smartphone cybercrime figures increase every month. And that&#8217;s really no surprise. The Smartphone As a Target Some cyberattacks are targeted at a specific individual or company. The victim is selected because they are a high-value &#8230; <a title=\"Why Cyber Criminals Love Phones\" class=\"read-more\" href=\"https:\/\/goodwriterz.com\/site\/why-cyber-criminals-love-phones\/\" aria-label=\"Read more about Why Cyber Criminals Love Phones\">\u0625\u0642\u0631\u0623 \u0627\u0644\u0645\u0632\u064a\u062f<\/a><\/p>\n","protected":false},"author":1,"featured_media":31988,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[1037,250],"class_list":["post-31987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-web"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/goodwriterz.com\/site\/wp-content\/uploads\/2024\/08\/Why-Cyber-Criminals-Love-Phones.jpg?fit=1200%2C675&ssl=1","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/posts\/31987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/comments?post=31987"}],"version-history":[{"count":0,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/posts\/31987\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/media\/31988"}],"wp:attachment":[{"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/media?parent=31987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/categories?post=31987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/goodwriterz.com\/site\/wp-json\/wp\/v2\/tags?post=31987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}