By Anna Collard
Imagine if your mobile phone could be used to spy on you, listen to your conversations and send information and images from your device to a third party? This is not an imagined, dystopian future, it is the story of the Pegasus spyware put on mobile devices by clients of Israeli spyware software firm NSO. Although the Pegasus spyware is meant to be used by law enforcement only and is targeted at high-value individuals, this story provides some food for thought as, according to Anna Collard, SVP Content Strategy&Evangelist at KnowBe4 AFRICA (www.KnowBe4.com), mobile malware and spyware are not only aimed at the wealthy and the important – they can have a serious impact on anyone’s life.
“Other mobile threats such as banking malware for example use a similar process to the Pegasus spyware to get to users’ devices. “For example, many of these types of malware get installed by people clicking on a link that they received via SMS or WhatsApp and end up downloading a malicious app that could result in advertising click fraud, mobile ransomware, banking trojans or in some cases, even roots or jail breaks their phone to obtain full remote control over the device. The malware then allows for the criminals to listen to calls, take screenshots and see what the user types – catching passwords and banking details.”
Criminals use social engineering tools and approaches to lull users into a false sense of security. Pretending to be anything from a parcel tracking link to a banking confirmation link, these malware messages are designed to provoke people to make impulsive mistakes. And these mistakes can lead to your device being completely compromised, putting you and your financial security at risk.
“These smart malware infiltrations are designed to get past people’s defences,” says Collard. “Another form of distribution is taking advantage of devices that have not been updated or exploiting vulnerabilities on the phone or in apps that do not yet have patches. It is really important to ensure that your mobile devices are updated, and to ensure that you minimise risk by removing unnecessary apps, only downloading apps from official apps stores and by avoiding clicking on links from your mobile device.”
“Unfortunately, people are more likely to click on a link using their mobile device because they think they are safer than a computer. You need to be cautious and ensure that if you do not know the sender, you do not download anything or click on anything. Do not believe an SMS message that tells you to update your WhatsApp software or a link that tells you to update an app that comes through a social media platform. Always update from the App Store or Google Play, nowhere else.” Also, be aware of clickjacking, which is a form of mobile phishing that comes with an invisible link, which is covered by a “bothersome” graphic element that is made to look like a small hair or a speck of dust. This tricks the user into wiping the hair or dust off the mobile’s screen, which activates the link and launches a connection to the phishing site.
Keeping your mobile device free from infection means that you watch what you click, you do not trust unexpected links from unknown sources, do not share information with anyone – especially if they call and pretend they are from your mobile phone provider or bank – and do not provide people with your OTPs unless you have initiated the transaction with a trusted agent yourself. Mobile devices are as much at risk as computers, so stay aware, stay alert and stay secure.
Distributed by APO Group on behalf of KnowBe4.
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.