Mobile devices are as vulnerable as desktops these days. Let's dive into a few actions you can take to keep your personal mobile devices from being compromised.
- Only use applications available in your device's official store (for example, Apple (iOS) has the App Store and Android has the Play Store); don't even think of downloading them from a 3rd-party browser.
- Be careful with applications from obscure or unknown 3rd-party developers, or those with limited or terrible reviews in the comment section.
- Always update your apps to get the latest patches.
- If support for a version of an app has expired, continuing to use it leaves you vulnerable, so removing that application is the best solution.
- Check which apps have privileged access such as location, Bluetooth or the internal network on your devices, and disable it in settings. (Example: most apps ask for location regardless of their intended service; granting location permission to a maps app is more sensible than giving it to a game. Makes sense, right?)
- First things first: always turn Bluetooth off when you don't need it.
- Disable automatic Bluetooth pairing.
- Keep an eye on the list of devices connected to your device.
- Remember, connecting to a car's Bluetooth gives it access to contacts, call history, messages, etc., so be sure who is operating it.
- Bluetooth beacons, for example iBeacon: in the name of technology, big companies like Apple Inc. come up with many innovative methods to track people in order to offer services. From welcoming people as they arrive at a sporting event to providing information about a nearby museum exhibit, iBeacon opens a new world of possibilities for location awareness, and countless opportunities for interactivity between iOS devices and iBeacon hardware. (Read more at https://developer.apple.com/ibeacon/.) In the near future, personalized/targeted ads will be developed based on user data analytics and purchase habits.
- There is a good chance of privacy being compromised by Bluetooth tracking devices such as AirTags and smart watches with location tracking, so be vigilant.
- Always turn off Wi-Fi when you are not using it or don't need it. Nowadays your ISP connects mobile devices by default (in the name of hotspot services), and if you are part of that network it can be used to collect unsolicited information, for example when you visit a coffee shop, mall, airport or stadium. The best way to avoid this is to disable Wi-Fi on your devices when you leave home. (LTE is always a good alternative.)
- Make sure the network you are joining is one you know; do not join unfamiliar networks.
- Public Wi-Fi networks, like the internet at coffee shops such as Starbucks, are not encrypted, which lets cyber crooks eavesdrop on your data. In that case, using a paid VPN service can give you some privacy.
- Sharing sensitive information over a public network is not recommended; if it can't be avoided, make sure you follow encryption-decryption techniques.
- Every mobile OS comes with a default browser; I strongly recommend using it.
- Pay close attention to URLs. These are harder to view and verify on mobile screens, but it's worth the effort.
- Don't save passwords for multiple accounts on your devices by default; if the browser is compromised, remember that your accounts are compromised as well.
- Check your browser's settings for cookies and default saving options and configure them based on your needs, and remember you always have the option to flush them from your devices.
- Last but not least, watch out for ads and offers that seem too good to be true. Often these lead to phishing sites that appear to be legitimate.
- Don't trust messages that tempt you to give away your personal details.
- Be careful on messaging apps like WhatsApp, Twitter, Snapchat, etc. before clicking on unknown URLs or short URLs, where it's tough to judge legitimacy.
- Messages carry the same weight as email, so remember that whatever you share has consequences attached to it.
- Never click on unsolicited commercial email or ads in emails.
- Sharing personal financial information over the phone or by message is not recommended.
- Do not respond to calls or messages that seek personal information.
- Any banking needs can be handled by going directly to the bank's website.
- Install 3rd-party call blocking and identification filter services like Malwarebytes, Truecaller, etc.
Understanding a few Social Engineering Tricks:
Cybercriminals can use several different methods to trick you with a social engineering attack. Here we try to understand a few that are commonly seen on mobile devices:
- Malicious Links: Nowadays many attacks happen through this method. As instant messaging apps spread across everyone's personal devices, cyber criminals lure users into clicking malicious links for fake offers, scams, etc. Of course, it's human tendency, but always remember "nothing is free in this world".
- Impersonation: With so much information being passed along, it is tough to verify the credibility of a source. Using this, cyber criminals may use your network to impersonate someone close to you and tempt you to make payments through various means. The best way is to cross-check: if payments are involved, don't be stupid, just check with the person who is in need.
- Redirecting Web Pages: Today's links are confusing. Short URLs make it even harder to decide whether to click a link your friend sent over a messaging app. Most ad campaigns are run by leveraging this method. They may redirect to a fake bank website, or ask you to fill in your personal details to get gift cards etc., which by the way is not recommended. Sometimes you receive a phishing email asking you to log in to your LinkedIn or Facebook account, where your credentials are captured by the cyber crooks. Instead of clicking on a link, hover your mouse over it and navigate to the website you intend to visit.
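
The URL checks behind the short-URL and "pay close attention to URLs" advice above, as an added Python example that is not part of the original article. The function name `url_warnings`, the shortener list and the sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of URL-shortener hosts (illustrative only).
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "is.gd"}

def url_warnings(url, expected_domain=None):
    """Return the reasons a link deserves a closer look before you tap it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before '@' is login info, not the site you will actually reach.
        warnings.append("userinfo-before-host")
    if host in SHORTENERS:
        # The real destination is hidden until the redirect is followed.
        warnings.append("shortened-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Punycode can render as look-alike characters on a small screen.
        warnings.append("punycode-host")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass  # host is a name, not a raw IP address
    if expected_domain:
        exp = expected_domain.lower()
        if not (host == exp or host.endswith("." + exp)):
            warnings.append("not-expected-domain")
            if exp.split(".")[0] in host:
                # The brand appears in the host, but a different domain owns it.
                warnings.append("brand-name-in-other-domain")
    return warnings

if __name__ == "__main__":
    # Constructed sample links using reserved example domains and addresses.
    samples = [
        ("https://www.bank.example/login", "bank.example"),
        ("http://bit.ly/3xYzAbC", None),
        ("https://bank.example@203.0.113.7/login", "bank.example"),
        ("https://bank.example.secure-login.test/", "bank.example"),
    ]
    for link, expected in samples:
        print(link, "->", url_warnings(link, expected) or "no warnings")
```

An empty result only means none of these heuristics fired; it does not prove a link is safe.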