Security threats to your mobile device lurk as malware, fraudulent lures such as SMS spoofing, and toll fraud, but they're all becoming favorites of digital crooks as people move away from using PCs and toward smartphones and tablets, according to a new report.
Such cybercrime is worth big money, whether it happens on your PC or smartphone. Cybercrime in 2011 cost consumers $110 billion worldwide and $21 billion in the United States, according to Symantec's recently released annual Cybercrime Report (PDF).
But online crime may soon cost us more. The frequency of mobile threats doubled between 2010 and 2011, Symantec says, and 35 percent of online adults worldwide have either lost or had their mobile device stolen, exposing them to identity and data theft.
In its report, Symantec defines mobile cybercrime as unsolicited text messages that captured personal details, an infected phone that sent out an SMS message resulting in excess charges (typically known as toll fraud), and traditional cybercrime such as e-mail phishing scams.
It sounds like your cell phone is open to some nasty threats, but is mobile security really something you should be worrying about? Does your smartphone need the same kind of 24/7 threat detection that your PC does?
No doubt, mobile devices are the next big target for malicious actors looking to make a quick buck. During this year's Black Hat conference in Las Vegas, for example, vulnerabilities were demonstrated against popular technologies used in mobile devices such as near field communication, baseband firmware, and HTML 5.
The problem is that while mobile threats may be rising, it's unclear just how prevalent these issues are in the United States. Symantec's statistics, for example, say that 31 percent of mobile users in 2011 received a text message from someone they didn't know or an SMS requesting they click on an embedded link or dial a certain number to get a “voicemail.” All of these techniques are tricks the bad guys can use to inject malware onto your phone or attempt to trick you into handing over personal data.
But that 31 percent of users is a worldwide statistic based on interviews with more than 13,000 people in 24 different countries around the globe. Symantec also said it found the highest incidence of cybercrime in countries such as Russia, China, and South Africa where the rate of victimization ranges from 80 to 92 percent. High incidences of cybercrime in concentrated areas can often skew worldwide results, especially when those areas are highly populous nations such as China and Russia.
Lookout Weighs In
Lookout Mobile Security also recently released its annual mobile security report and noted that toll fraud, where malware secretly contacts high-priced SMS services that slap hidden charges on your mobile bill, is currently the most prevalent type of mobile malware. But this type of activity primarily affects users in Eastern Europe and Russia, the security firm says.
Links to malicious Websites, however, are a concern for mobile device users in the United States. Around four in ten American users are likely to click on an unsafe link, according to Lookout. Malicious links can come from e-mail, social networks, or the SMS-based spam and phishing techniques that Symantec described.
If you're an Android user, you should also be aware that your platform is the most popular target for malware creators, according to a recent report from security firm McAfee. That's hardly a surprise given the open approach Google takes to apps on Google Play as well as the fact that Android is the largest smartphone platform in the world.
One popular trick is to create an app that looks like a more popular program such as Angry Birds and bundle that fake app with malicious software. Lookout in late 2011 uncovered just such a scam in Google Play used for SMS toll fraud; however, that scam affected users in Europe and parts of Western Asia, not North America.
Mobile security threats are apparently on the rise, and this trend is bound to grow as more people turn to using smartphones and tablets in their everyday lives. For now, however, it appears the best approach for North American users to practice mobile security is to be wary of what you download and the links that you click on.
Make sure you're downloading genuine apps and not imitations from app stores such as Google Play or GetJar. Signs to look for in trusted apps include a large number of good user reviews written in coherent English, a link to the app developer's website to see if the app is actively supported, and the number of users an app has.
Beyond apps, just as on a PC, never click on a Web link purporting to be from a bank or other financial institution, especially if that link comes to you via SMS.
Mobile devices may be the next frontier for malware creators, but as with PCs, the best defense is to use common sense and be on your guard for incoming scams via e-mail, social networks, and text messages.