
What Can Someone Do With Your Phone Number.

Just about everyone these days has a cell phone, and it has become intrinsically linked to our identity. Identity thieves are always searching for new ways to get your information and use it for identity theft or fraud.

The most significant danger of handing out your mobile device number is that it could fall into the hands of a cybercriminal, who could use it to steal information from your cell phone. With so much information available in public records and sold on the dark web from data breaches, your cell phone number could link you to a lot of other personal or sensitive information like logins, usernames, passwords, and more.

SMS Insecurity

A lot of apps are also linked to your cell phone number. Using two-factor authentication is great and keeps things safer, but if you have a compromised phone number, then hackers have the keys to the kingdom. Some SMS systems are insecure and hackable. Therefore, someone could potentially get that special code that is texted to you from an app, log into your account, and change the password before you even realize what is going on. It’s crucial to use end-to-end encrypted SMS platforms for all your communications.

SIM Swapping

SIM swapping is another danger where nefarious criminals use SIM cards linked to your phone to steal access to your phone number and carrier account. This type of danger is very real and scary and usually involves social engineering to trick the phone company representative. By having your cell number, a scammer could trick caller ID systems and get into your financial accounts or call financial institutions that use your phone number to identify you.

Once the scammer convinces your carrier to port out your number, you may never get it back. Scam porting is a big problem for phone owners.

Can Someone Steal My Phone Number?

Yes. Your phone number is out there on the web in various locations. Scammers can use a stolen cell phone number to receive two-factor authentication codes and to access your texts, apps, and other online accounts. They can hijack your cell phone number through SIM swapping. This is how it occurs:

First, they buy a burner phone and pop a new SIM card into it. They then call your wireless phone carrier and pretend to be you. If the hacker has enough information to convince the person, they may transfer your service and phone number to that blank SIM card and the new burner phone. Now your phone number has been stolen, and you aren’t even aware of it. All your texts, phone calls, and 2FA codes will now go to the hacker’s phone instead of yours. If you have access to bank accounts and other apps tied to your phone number, they will now have access to that stuff as well. Many location-based systems will think it’s you just by the scammer calling from your phone number. If hackers get this far, they can then change all your passwords and lock you out of your own accounts. Very scary stuff.

How Do Scammers Get Your Phone Number?

One of the most common ways scammers get your phone number is through the many data breaches and treasure troves of raw data found and sold on the dark web.

Another way is by picking through your trash and grabbing an old bill with your phone number on it.

Using a people search site, someone could glean a whole lot of information on cell phone numbers, such as any criminal records, past addresses, social media accounts, arrests, warrants, court cases, relatives’ information, and more.

How Much Info Can You Get From a Cell Phone Number?

It’s actually quite shocking how much information you can get from just a cell phone number. The list begins with your name and possibly address. Some other things might be:

  • Past addresses.
  • Relatives’ names.
  • Where you live.
  • Your assets and how much you paid for your house.
  • All your criminal records.
  • Driving records.
  • Legal issues (bankruptcy, liens, taxes, court cases, lawsuits, etc.).
  • Travel information.
  • Social media accounts.
  • Other online accounts.
  • Email addresses.
  • Vital records.
  • Deep web and dark web records.
  • Mugshots.
  • Professional licenses.
  • IP address.
  • VIN number.

11 Ways Scammers Can Use Your Phone Number

Unfortunately, the power of your phone number is immense, giving hackers and scammers a lot of options to do bad things. Some of the most common are:

  1. Access your social media accounts.
  2. Text message or contact your friends and family to scam them.
  3. Spoof your phone number and call people you know to commit fraud.
  4. Text phishing messages to your contacts – this is called “smishing.”
  5. Hijack your mobile phone number and take over your digital life.
  6. Commit identity theft pretending to be you.
  7. Access your online bank accounts or credit card accounts and take them over. 
  8. Use your number for robocalls. 
  9. Send phishing emails to your email account. 
  10. SIM swap to steal your phone number. 
  11.  Access your voicemail.

What Steps to Take if Scammers are Using Your Phone Number

The best way to avoid this cybersecurity disaster is to prevent it from ever happening. However, if you suddenly find that scammers are using your phone number to commit fraud or scam others, you should take these immediate steps:

  • Contact your wireless service provider and report the abuse. Ask them to put a secondary password on your account so no one can take it over without the password. 
  • Let your friends and family know that your number is being used in this way.
  • Stop giving your phone number out online and to anyone who requests it.
  • Stay clear of websites and apps that link to your phone.
  • Turn on two-factor authentication for all your accounts.
  • Get a phone number through Google Voice, which is not linked to anything else.
  • Never click on links in texts or email. Malware is often linked to text messages or email.
  • Use very strong passwords and never reuse them on multiple websites.
  • Use third-party authenticators when you can. 
  • Update your security questions on all accounts including Gmail.

Do all you can to keep your phone number safe from hackers and identity thieves.


Different Ways That Your Email Address Can Be Exploited by Hackers.

At the very least, you need to understand the damage done when a hacker gains access to your email. Here are just a few ways in which cyber-criminals can exploit your email address.

Scamming Your Contact List

This is where most hackers begin. When they gain entry to your email account, they also gain access to your digital contact list. If you have ever received a strange email from a friend asking you to click a link or send money, chances are the account was hacked. The link is intended to infect your computer, or the money is going to the hacker.

Mass Email Scams

Once hackers have finished targeting your contacts, they will likely move on to larger email scams. They do this by using your email address to send out massive mailings to lists of unknown recipients. Phishing scams that try to get recipients to click a spam link, download a malicious file, or send information or money are commonplace. Hackers rarely use email addresses that can be traced back to them. Why should they when they can use an address that leads to you?

Infiltrating Devices and Programs

With strong password protection, a secure email service, and some common sense, such as not clicking spam links or downloading dangerous files, you have the opportunity to avoid having your email hacked. If hacked, however, chances are even HIPAA encryption levels cannot stop hackers from infiltrating your computer, programs, attached mobile devices, your cloud, and even online shopping accounts.

Most people put all their eggs in one basket. If hackers gain access to your email, they could have an open doorway to any number of other devices and accounts. They can use your email to reset other account passwords, gain access to credit information, or even delete accounts, such as social media profiles.

Ruining Your Online Reputation



10 Cybersecurity Tips for Online Shopping.

  1. Skip the debit card
    When shopping online it’s best to stick to credit cards or payment services like PayPal. Because debit cards are linked to your bank account, you’re at much higher risk if someone is able to hack your information. Credit cards offer more protection and less liability if a card number gets stolen. This is one time when it pays to put it on plastic.

    “When a fraudulent site or transaction is found, credit card companies will typically immediately reverse the charge and conduct an investigation.” “If you use your debit card and there is a problem, your bank may not give you the money back until after an investigation is conducted, which could take weeks or months.”

  2. Shop secure sites only
    Before entering any personal or financial information, make sure you verify that the site you are on is legitimate and secure. The easiest way to tell is to look for “https” at the beginning of a site’s address. If you don’t see the “s” at the end of “http,” then the site is not encrypted and your data will not be secure. All legitimate shopping sites will have the “s” for your protection.

  3. Update your software
    Updating your software is one of the easiest things you can do to protect your information, but many people put it off. Software updates are often released to help improve security and fight new attacks that are being developed constantly. It may seem inconvenient to have to wait for your computer (or your smartphone) to go through updates and restart, but the protective benefits are well worth it. Next time you see an alert to update your software, do it.

  4. Outsmart email scams
The holidays are a great time for email scammers to send out viruses and malware in the guise of a gift or special offer. Don’t open emails from someone you don’t know or a site you haven’t visited. Another way the bad guys try to get you is with phony messages from your bank or other financial institution saying there is an alert or problem with your account. Always call the bank directly to verify any potential problems and never enter your account information in response to an email like this.

  5. Don’t click on links
In addition to sneaky attacks in emails, beware of links to deals that are too good to be true on social networking sites. Look out for unbelievable offers and holiday gifts and bonuses. If you’re really tempted by an offer, do some research or find out if anyone else has tried to take advantage of the deal before clicking.

  6. Beef up your passwords
There’s a reason this piece of advice may sound like a broken record — it’s really important. Secure, unique passwords are your best gatekeepers when it comes to keeping your private information private. If you use the same password for multiple sites, take the time to change them up. If you want to be virtually hack-proof, use a password generator and manager to help you devise and keep track of the types of long, complicated passwords that are not worth a hacker’s time to crack.

  7. Never give more info than needed
Most websites you visit or shop on will ask you for information to complete your purchase or start a wish list. Give them only the information they require you to provide. If a complete address or phone number is optional, then skip those fields. The more info you put out there, the more accessible you are to a bad guy. And before committing your information to a site, take the time to read their privacy policy and find out exactly where and how your information will be shared.

  8. Don’t go public
Free hotspots are like manna from heaven when you’re out and about, but hackers like them even more than you do. Because public networks aren’t secured, any information you enter on a public network is ripe for the picking. Don’t log in to banking sites or payment sites like PayPal on a public network — and make sure that you are logged out of such sites on mobile devices before connecting to a public network.

  9. Be smart about shopping apps
Apps make everything more convenient, including stealing your private information. Only download shopping apps from a reliable source like the Apple App Store or Android Market. Pay attention to the permissions that the app asks for. If you see something that doesn’t make sense, like access to your contacts, make sure you don’t allow the app access to it. Checking out the comments and reviews of an app before downloading is another way to identify suspicious activity.

  10. Put devices on lockdown
One of the perks of online shopping is that you can do it from anywhere and use any device. Make sure every device that you shop from has security software in place. Always use a passcode to access your tablet or smartphone, and log off your computer or lock the screen when you walk away from it. After accessing a shopping or banking site, be sure to completely log out of the site before exiting, and don’t let your computer or device remember your usernames, passwords, or credit card information.

A stolen identity is even worse than a lump of coal in your stocking. Make sure you have only nice surprises this holiday season by sticking to these smart online shopping tips to keep you and your information protected.


5 mobile security threats you can protect yourself from.

Once your phone is hacked, your other devices may be next if they are connected. That’s because your overall online security is only as strong as the weakest link in your chain of connected devices. Malware can spread from your hacked phone to your tablet or another mobile device through the network.

This article identifies five mobile security threats and how you can help protect yourself from them.

1. Madware and spyware

Madware is short for mobile adware. It’s a script or program installed on your phone, often without your consent. Its job? To collect your data for the purpose of better targeting you with ads. On top of that, madware often comes attached at the hip with spyware. Spyware collects data about you based on your internet usage and transmits it to a third party. That data is then bought and used by companies to send you advertisements. However, seeing more ads is the least of your worries when it comes to spyware. It also collects information about your location, internet usage, and even your contacts. This makes it a problem not just for you, but perhaps also for everyone you know.

2. Viruses and Trojans 

Viruses and Trojans can also attack your mobile devices. They typically come attached to what appear to be legitimate programs. They can then hijack your mobile device and mine the information it holds or has access to, such as your banking information. Viruses and Trojans have also been known to send premium text messages that can be costly.

3. Drive-by downloads

Drive-by downloads refer to any malware installed on your device without consent. If you visit the wrong website or open the wrong email, you might be exposed to a drive-by download that automatically installs a malicious file on your mobile device. The file could be anything from adware, malware, or spyware to something far more nefarious, like a bot, which can use your phone to perform malicious tasks.

4. Browser exploits

Browser exploits take advantage of known security flaws in your mobile browser. Browser exploits also work against other applications that function with your browser, such as PDF readers. If you see that your mobile browser’s homepage or search page has unexpectedly changed, it could be a sign that you’re a victim of a browser exploit.

5. Phishing and grayware apps

Phishing apps are a new take on an old theme. In the past, criminals would send emails that appeared to come from a trusted source. They’d ask for personal information, such as your password, hoping you’d be trusting enough to respond. Phishing apps are designed to look like real apps, and a mobile device’s smaller screen can make it even more difficult to tell the difference. These fake apps secretly collect the information you input — passwords, account numbers, and more.

Grayware apps aren’t completely malicious, but they can be troublesome because they often expose users to privacy risks.

How to protect yourself from mobile security threats

Mobile security threats may sound scary, but here are six steps you can take to help protect yourself from them.

  1. Keep your software updated. Only 20 percent of Android devices are running the newest version and only 2.3 percent are on the latest release.1 Everything from your operating system to your social network apps is a potential gateway for hackers to compromise your mobile device. Keeping software up to date ensures the best protection against most mobile security threats.
  2. Choose mobile security. Just like computers, your mobile devices also need internet security. Make sure to select mobile security software from a trusted provider and keep it up to date.
  3. Install a firewall. Most mobile phones do not come with any kind of firewall protection. Installing a firewall provides you with much stronger protection against digital threats and allows you to safeguard your online privacy.
  4. Always use a passcode on your phone. Remember that loss or physical theft of your mobile device can also compromise your information.
  5. Download apps from official app stores. Both the Google Play and Apple App stores vet the apps they sell; third-party app stores don’t always. Buying from well-known app stores may not ensure you never get a bad app, but it can help reduce your risk.
  6. Always read the end-user agreement. Before installing an app, read the fine print. Grayware purveyors rely on your not reading their terms of service and allowing their malicious software onto your device.


Social media safety tips for children.

In our modern society, social media is one of the most common ways we communicate with one another. This is true for adults and children.

Many children will find even more time than usual to spend on their phones, tablets, or computers. Oftentimes they are communicating through social media apps. Do we know who they are talking to? Do they really know?

As parents, our main goal is to keep our children safe and healthy. This applies to both physical and emotional health.

One important way to help them stay safe while using social media is to monitor their usage. Just like when our children spend time with their friends in real life, we need to know what they are doing and who they are talking to through social media platforms.  

While it is important to give our children some freedom, we still need to know that they are being safe and following the social media rules we set for them. Giving them clear rules and consequences for their misuse will help them continue to use social media in a positive manner.

Teach them social media safety habits. While it is ideal to share this information with them before they get on social media for the first time, that might be difficult. These rules and safety measures will be valuable at any time.

According to http://www.connectsafely.org/social-web-tips-for-teens/, some of the things children (of any age) can do to stay safe online are as follows:

1. Be your own person. Never pretend to be someone that you are not. Be who you really are and you will attract the people who will become your real friends.

2. Be nice. Don’t say mean things just because you can hide behind a screen. Your words hurt the same as if you would say them to the person’s face.

3. Think about what you post. Remember that once it is out there it is out there for everyone!

4. Do not add people you don’t know on social media accounts. Having friends and followers is fun but can be dangerous when they are strangers.

5. Never send inappropriate pictures or engage in sexual conversations with peers or strangers. Never. Never. Never.

ALSO – NEVER GIVE OUT YOUR ADDRESS ON SOCIAL MEDIA! Don’t even tell anyone you don’t know what city you live in or what school you go to. Don’t post photos that show your school or give any information about where you live. Try to be as vague as possible about where you live.

If we stress the importance of these rules and safety habits and reinforce them with a consistent reward/consequence system, we can help our children stay safe online. This also will give us some peace of mind when trusting our kids with the responsibility and privilege of using social media.


Cybercrime Attack Types.

Cybercrime can take various forms. Here are some of the most common cybercrime attack modes:

Hacking:

It is an act of gaining unauthorized access to a computer system or network.

Denial Of Service Attack:

In this cyberattack, the cyber-criminal uses up the bandwidth of the victim’s network or fills their e-mail box with spam mail. The intention is to disrupt their regular services.

Software Piracy:

Theft of software by illegally copying genuine programs or counterfeiting. It also includes the distribution of products intended to pass for the original.

Phishing:

Phishing is a technique for extracting confidential information from bank or financial institution account holders by illegal means.

Spoofing:

It is an act of getting one computer system or a network to pretend to have the identity of another computer. It is mostly used to get access to exclusive privileges enjoyed by that network or computer.


8 Ways Your WhatsApp Messages Can Be Hacked.

  1. Remote Code Execution via GIF
    In October 2019, security researcher Awakened revealed a vulnerability in WhatsApp that let hackers take control of the app using a GIF image. The hack works by taking advantage of the way that WhatsApp processes images when the user opens the Gallery view to send a media file.

When this happens, the app parses the GIF to show a preview of the file. GIF files are special because they have multiple encoded frames. This means that code can be hidden within the image.

If a hacker were to send a malicious GIF to a user, they could compromise the user’s entire chat history. The hackers would be able to see who the user had been messaging and what they had been saying. They could also see users’ files, photos, and videos sent through WhatsApp.

The vulnerability affected versions of WhatsApp up to 2.19.230 on Android 8.1 and 9. Fortunately, Awakened disclosed the vulnerability responsibly and Facebook, which owns WhatsApp, patched the issue. To keep yourself safe from this problem, you should update WhatsApp to version 2.19.244 or above.

  2. The Pegasus Voice Call Attack
    Another WhatsApp vulnerability discovered in early 2019 was the Pegasus voice call hack.

This scary attack allowed hackers to access a device simply by placing a WhatsApp voice call to their target. Even if the target didn’t answer the call, the attack could still be effective. And the target may not even be aware that malware has been installed on their device.

This worked through a method known as buffer overflow. This is where an attacker deliberately puts too much code into a small buffer so that it “overflows” and writes code into a location it shouldn’t be able to access. When the hacker can run code in a location that should be secure, they can take malicious steps.

This attack installed an older and well-known piece of spyware called Pegasus. This allowed hackers to collect data on phone calls, messages, photos, and video. It even let them activate devices’ cameras and microphones to take recordings.

This vulnerability applied to Android, iOS, Windows 10 Mobile, and Tizen devices. It was used by the Israeli firm NSO Group which has been accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack.

If you are running WhatsApp version 2.19.134 or earlier on Android or version 2.19.51 or earlier on iOS, then you need to update your app immediately.

  3. Socially Engineered Attacks

Another way that WhatsApp is vulnerable is through socially engineered attacks. These exploit human psychology to steal information or spread misinformation.

A security firm called Check Point Research revealed one such attack they named FakesApp. This allowed people to misuse the quote feature in group chat and to alter the text of another person’s reply. Essentially, hackers could plant fake statements that appear to be from other legitimate users.

The researchers could do this by decrypting WhatsApp communications. This allowed them to see data sent between the mobile version and the web version of WhatsApp.

And from here, they could change values in group chats. Then they could impersonate other people, sending messages which appeared to be from them. They could also change the text of replies.

This could be used in worrying ways to spread scams or fake news. Even though the vulnerability was disclosed in 2018, it had still not been patched by the time the researchers spoke at the Black Hat conference in Las Vegas in 2019, according to ZNet.

  4. Media File Jacking

Media File Jacking affects both WhatsApp and Telegram. This attack takes advantage of the way that apps receive media files like photos or videos and write those files to a device’s external storage.

The attack starts by installing malware hidden inside an apparently harmless app. This can then monitor incoming files for Telegram or WhatsApp. When a new file comes in, the malware can swap out the real file for a fake one. Symantec, the company that discovered the issue, suggests it could be used to scam people or to spread fake news.

There is a quick fix for this issue. In WhatsApp, you should look in Settings and go to Chat Settings. Then find the Save to Gallery option and make sure it is set to Off. This will protect you from this vulnerability. However, a true fix for the issue will require app developers to entirely change the way that apps handle media files in the future.

  5. Facebook Could Spy on WhatsApp Chats
    In a blog post, WhatsApp implied that because it uses end-to-end encryption, it is impossible for Facebook to read WhatsApp content:

“When you and the people you message are using the latest version of WhatsApp, your messages are encrypted by default, which means you’re the only people who can read them. Even as we coordinate more with Facebook in the months ahead, your encrypted messages stay private and no one else can read them. Not WhatsApp, not Facebook, nor anyone else.”

The fact WhatsApp uses end-to-end encryption does not mean all messages are private. On an operating system like iOS 8 and above, apps can access files in a “shared container.”

Both the Facebook and WhatsApp apps use the same shared container on devices. And while chats are encrypted when they are sent, they are not necessarily encrypted on the originating device. This means the Facebook app could potentially copy information from the WhatsApp app.

To be clear, there is no evidence that Facebook has used shared containers to view private WhatsApp messages. But the potential is there for them to do so. Even with end-to-end encryption, your messages may not be private from Facebook’s all-seeing eye.

  6. Paid Third-Party Apps
    You’d be surprised how many paid legal apps have sprung up in the market that solely exist for hacking into secure systems.

This could be done by big corporations working hand-in-hand with oppressive regimes to target activists and journalists; or by cybercriminals, intent on getting your personal information.

Apps like Spyzie and mSPY can easily hack into your WhatsApp account for stealing your private data.

All you need to do is purchase the app, install it, and activate it on the target phone. Finally, you can sit back and connect to your app dashboard from the web browser, and snoop in on private WhatsApp data like messages, contacts, status, etc. But obviously we advise against anyone actually doing this!

  7. Fake WhatsApp Clones
    Using fake website clones for installing malware is an old hacking strategy still implemented by many hackers all over the world. These clone sites are known as malicious websites.

The hacking tactic has now also been adopted for breaking into Android systems. To hack into your WhatsApp account, an attacker will first try to install a clone of WhatsApp, which might look strikingly similar to the original app.

Take the case of the WhatsApp Pink scam, for instance. A clone of the original WhatsApp, it claims to change the standard green WhatsApp background to pink. Here’s how it works.

An unsuspecting user receives a link to download the WhatsApp Pink app for changing the background color of their app. And even though it really does change the background color of your app to pink, as soon as you install the app, it will start collecting data not just from your WhatsApp but also from everything else stored on your phone.

  8. WhatsApp Web
    WhatsApp Web is a neat tool for someone who spends most of their day on a computer. It makes WhatsApp more accessible to such users, as they won’t have to pick up their phone again and again for messaging. The big screen and keyboard provide an overall better user experience too.

Here’s the caveat, though. As handy as the web version is, it can be easily used to hack into your WhatsApp chats. This danger arises when you’re using the WhatsApp Web on someone else’s computer.

So, if the owner of the computer has selected the “keep me signed in” box during login, then your WhatsApp account will stay signed in even after you close the browser.

The computer owner can then access your information without much difficulty.

You can avoid this by making sure that you log out from WhatsApp Web before you leave. But as they say, prevention is better than cure. The best approach is to avoid using anything other than your personal computer for the web version of WhatsApp altogether.

To learn more about whether WhatsApp is safe, you need to brush up your knowledge of WhatsApp security threats.

These are just a few examples of how WhatsApp can be hacked. While some of these issues have been patched since their disclosure, others have not, so it’s important to stay vigilant.


Cyber security for phone.

Mobile phones contain a great deal of personal information about you. Many apps on your phone provide access to your bank accounts or other accounts that contain sensitive information. These apps may also store credit card information that can allow criminals to buy whatever they want and ship it wherever they want. What’s more, your phone probably contains direct access to your e-mail, text messages and social media accounts that can be used to steal your identity and to trick your friends into providing their sensitive information as well.

Things like this can happen when an attacker physically gets ahold of your mobile device, sure. But did you know that there are a growing number of exploits that take advantage of your phone’s Bluetooth, Wi-Fi and cellular connections to gain virtual access to your phone? It’s true! Phones can be infected with malware just like a computer can!

So what should you do to make sure your mobile phone is secure? The following is a list of tips we recommend.

Use a strong PIN or password on your phone

Consider enabling fingerprint logins to your device

Disable Wi-Fi and/or Bluetooth when you don’t need them

Be careful what apps you download and what services you allow them to access

Disable location services when you don’t need them

Be careful about where you plug in your phone

Employ remote wiping software

Back up your phone often.


How secure are mobile banking apps?

Mobile security combines several challenges of web security, such as rapid development and continuous network connectivity, with threats common to more traditional applications, like local encryption and malware. Mobile banking apps can be targeted through different attack surfaces, which we cover below.

Browser-based attacks
Browsers are integral to an efficient working environment, but they also serve as an ideal cyber attack vector. Web-based threats exploit browsers, their extensions, third-party browser plug-ins (e.g. JavaScript) and content management systems (CMS) to harvest credentials and infect systems with malware.

Man-in-the-Mobile (also known as MitMo attacks). This attack lets malicious users leverage malware placed on mobile devices to bypass password verification systems that send codes via SMS text messages to users’ mobile devices for identity verification. In that way, intruders can access or manipulate mobile functionality, including getting access to the victim’s bank account. Because one-time passwords sent by SMS are easily defeated by this attack, the effective solution is known to be offline, time-generated passwords.

Clickjacking. Clickjacking is a malicious attack where the attacker hijacks a UI component on a website. Technically, an invisible iframe (a frame within a frame) is placed above a clickable element on the page, so that instead of performing the action the user intended, the click triggers the attacker’s iframe. There are different variations of the clickjacking attack, three of which are likejacking, cropping and cursorjacking. Apart from stealing bank account information and social security numbers, clickjacking can also install different apps on a device without the user’s knowledge.
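From the defender's side, a page cannot be loaded into such an invisible iframe if its response headers forbid framing. This added example (not from the original article) classifies responses by their `Content-Security-Policy: frame-ancestors` and `X-Frame-Options` headers. The sample responses are constructed, and `framing_policy` and `audit` are hypothetical helper names.

```python
def framing_policy(headers: dict) -> str:
    """Classify a response as 'blocked', 'restricted' or 'frameable'."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing CSP header counts; the Report-Only variant
    # reports violations but does not stop the page being framed.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            if sources == ["'none'"]:
                return "blocked"
            if any(s in ("*", "http:", "https:") for s in sources):
                return "frameable"       # effectively any site may embed it
            return "restricted"          # 'self' or an explicit allow-list
    # No frame-ancestors directive: fall back to the older header.
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "restricted"
    return "frameable"                   # missing, or obsolete ALLOW-FROM

# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "login": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "dashboard": {"X-Frame-Options": "SAMEORIGIN"},
    "transfer": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "wildcard": {"content-security-policy": "frame-ancestors *",
                 "x-frame-options": "DENY"},
    "help": {},
}

def audit(samples: dict) -> dict:
    """Map each page name to its framing classification."""
    return {name: framing_policy(hdrs) for name, hdrs in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:12} {verdict}")
```

The "wildcard" sample is classified as frameable because browsers that support `frame-ancestors` apply it in place of `X-Frame-Options` when both are present.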

Phishing. Phishing is a type of social engineering attack often carried out via email to steal login credentials and financial information. Banking institutions have email filtering in place, and these products do a decent job of keeping phishing and malicious emails away from users. However, they are far from perfect, simply because the phishing landscape is evolving tremendously. Note that bank websites always use “https”, and if you do not see the “https” prefix before the site’s URL, it means that the site is not actually secure.

Phone/SMS-based attacks
The growing pool of mobile devices has become an attractive target for cyber criminals. Your mobile phone can be attacked and infected with worms or other viruses, which can compromise your security and privacy. Phone or SMS-based attacks can result in theft of sensitive information, so stay informed.

SMishing. SMishing (also known as SMS phishing) sends a text message to a user’s phone in an attempt to get them to reveal personal information. This attack is a growing and serious concern for all banking unions. In the most common type of smishing attack, a person gets a text message that directs them to call a number to confirm account information. Success rates for smishing are higher than for a traditional phishing attack because the user considers the communication legitimate.

NFC attacks. NFC, which stands for Near Field Communication, is a short-range contactless communication standard. Today, NFC technology is widely used in a number of applications, including physical access control and cashless payment. But how secure is NFC? There are several potential threats to NFC which you should be aware of. The first threat is eavesdropping, which happens when an intruder deletes or modifies data that is exchanged between 2 devices. Another threat is a relay attack, which refers to the extraction of data using a bridge between an NFC or mobile payment system and the PoS or terminal in real time.

Application-based attacks
The influx of new financial applications released every year has increased the volume of cyber security threats against mobile banking apps. Given that, incorporating mobile app security into overall security strategy must be of topmost importance for financial institutions.

Insecure data storage. According to a report published by Digital.ai titled “In plain sight: The vulnerability epidemic in financial mobile apps”, 83% of financial institutions’ apps stored data insecurely. Some examples of the errors commonly made when securing data storage include improperly storing certificates and passwords, weak algorithm choices, not including the necessary maintenance precautions, and many more.

Weak encryption. One of the most crucial components for banking apps is encryption. When an app has weak encryption, it may lead to sensitive data exposure, broken authentication and spoofing attacks. Once data is encrypted, only authorised parties who have a ‘key’ can read it. Banks should use advanced encryption standards to keep customers’ data out of the hands of unauthorised users.

Improper SSL validation. SSL is a digital certificate that uses encryption security for the protection of data. Its existence offers authentication to the sites, confidentiality of transactions, as well as integrity of information. Bugs in a mobile banking app’s secure socket layer (SSL) validation process may result in data security breaches.
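As an added illustration (not from the original article), the two most common validation bugs can be shown as client configurations next to the correct one. Python's standard `ssl` module stands in here for a mobile platform's TLS API, and the function names are hypothetical.

```python
import ssl

def hardened_context() -> ssl.SSLContext:
    """Correct client setup: verify the chain and match the host name."""
    return ssl.create_default_context()

def no_validation_context() -> ssl.SSLContext:
    """Bug 1: validation switched off, so any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context() -> ssl.SSLContext:
    """Bug 2: the chain is verified, but the certificate may belong to any host."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def validation_gaps(ctx: ssl.SSLContext) -> list:
    """List what this client context fails to validate (empty list = sound)."""
    gaps = []
    if ctx.verify_mode == ssl.CERT_NONE:
        gaps.append("certificate chain is not verified")
    if not ctx.check_hostname:
        gaps.append("certificate is not matched against the host name")
    return gaps

if __name__ == "__main__":
    for make in (hardened_context, chain_only_context, no_validation_context):
        print(f"{make.__name__:24} {validation_gaps(make()) or 'ok'}")
```

Either gap lets someone on the network path present their own certificate and read or alter the traffic, which is why both checks need to stay on.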