As we become increasingly reliant upon our phones, we make ourselves more vulnerable to cyberattacks. Indeed, Experian’s 2020 edition of its annual Data Breach Industry Forecast details five predictions for data breach trends, including three that are likely to impact the smartphone user.*
One of Experian’s predictions is that cyber criminals will move to “smishing” attacks. What the heck is a smishing attack? Think “phishing” meets SMS. That’s right, text-based phishing attacks. This is similar to email spoofing. The text message may appear to come from a legitimate source, such as your bank or a friend. It may request that you call a certain phone number or click on a link within the message, with the goal of getting you to divulge personal information. So, be cautious when opening a text. These scams are intended to obtain your personal information by pretending to be a legitimate business, or some other innocent party. If you get an inquiry seeking personal information, don’t provide it. Hang up, note the number (perhaps block the number) or log off. Consider looking up the phone number or customer service email address from the entity purportedly contacting you for your personal information and filing a report with the FCC’s Consumer Complaint Center.**
Another prediction is that cyber criminals will leverage mobile point of sale systems at event venues and e-skim credentials. Mobile payment options are popping up everywhere – think concert venues, sporting events, craft fairs. E-Skimming involves the introduction of a skimming code to a vulnerable credit card processing webpage. The malicious code is embedded and then captures credit card data as the end user enters it in real time. The information, once captured, is sent to an internet-connected server where it is gathered and can be later used or sold. In some ways, e-skimming is an easier attack because unlike credit card skimming, no physical skimming device has to be installed.
Experian also anticipates an uptick in risk attendant to using (by phone or computer) public Wi-Fi networks. Experts are predicting that identity thieves will use any number of spoofing devices, like the Pineapple (which is a small hand-held device that identifies unsecured Wi-Fi networks) attached to drones to steal personal information from unsuspecting people using unsecured public Wi-Fi networks.
With these predictions ahead, it is critically important that everyone remain vigilant and implement best practices for data security. (See “The Department of Homeland Security Reminds us of the Importance of Cybersecurity,” “Some Cyber-Musts For Maximizing Security,” and “What is New York’s Data Breach Notification Statute? And Does it Impact Me?“). If nothing else, consider three small steps: (1) make sure to use passwords – good, long, strong, different passwords. And, change them often; (2) set up dual factor authentication on all of your accounts – credit card, banking, email, etc.; and (3) treat yourself to identity theft protection. For the minimal annual expense associated with identity monitoring services, the protection will bring great peace of mind.
* See Experian’s “2020 Data Breach Industry Forecast”
**The report also warns that cyber criminals will continue to target children for identity theft. So, be careful when oversharing about your offspring on social media platforms. You don’t want to unwittingly expose your children. And, have the conversation with your children who are users of email or smartphones to empower them to avoid becoming a victim.