As cell phones get smarter and smarter, we tend to store massive amounts of personal and business data on them because they’re small, convenient, and mobile. But don’t let a trade-up become a personal data security disaster.
Also, if you think e-mail phishing is bad, steel yourself for a new varient called “vishing” that relies on persuading victims to reveal their personal information over the phone. And finally, be aware of possibility that smarter phones can lead to snoopier phones (think Android).
Wipe That Cell Phone Clean of Your Data
Scenario: When the news broke last year that the winding-down GOP campaign–for a bargain basement price–sold staffers’ BlackBerrys filled with e-mail messages and call records dating back months, as well as a contact list of every major political player in Washington, there was enough egg to liberally coat the faces of everyone at campaign headquarters. Remember, it takes only 5 minutes to reset a smart phone to its factory-default state. But the McCain campaign is hardly alone in its failure to take this simple precaution. Anyone can buy a used smart phone, and many sellers simply box it up with its data intact before transferring ownership.
Fix: Before you ditch an old phone, use your phone’s reset codes or menu options to clear your message archives and your contacts list. Check the ReCellular Data Eraser page to learn how to reset your phone, and follow the instructions, for crying out loud!
Voice Phishing (aka “Vishing”)
Why You Should Care: This gambit is just one more method at the disposal of conscienceless creeps who want to steal your bank card numbers.
Scenario: Here’s how vishing works: You receive an e-mail or get a prerecorded voice message (purportedly from your bank, or PayPal, or some other financial institution) informing you that a large transaction–one you never performed–has been held up. The message includes a toll-free telephone number that you should call right away to deal with the situation. You’re supposed to think: “Spam fraud always involves a URL, right? This phone number must be safe.”
But you’d be wrong. You dial the number, and a voice menu prompts you to key in your card number before it transfers you to a company representative. The vishers ask you to enter other information as well, such as the expiration date and/or the CVV number printed on the back of your card. If they’re bold, they may even ask you for your billing address’s zip code and your birth date. If you act without thinking clearly, you might give them everything they ask for. At this point, they have your number–literally–so they may just hang up on you or put you on hold indefinitely.
Fix: If you get a fishy (vishy?) call or e-mail, ratchet up your suspicion meter. Never call the number provided in an unsolicited e-mail or voicemail message to follow up on some mystery purchase; instead, dial the bank’s number printed on the back of your card. Report vishing attempts to the Internet Crime Complaint Center.
T-Mobile’s Snoopy G1 Phone
Scenario: Virtually everything you do on Google’s Android mobile phone platform (the one used on the T-Mobile G1) is mirrored to the user’s Google Account Web page. Every e-mail sent, every calendar entry created, even every Web site visited gets catalogued. The phone’s ability to locate itself by radio tower and by GPS may make it highly trackable.
Among the downloadable applets that you can use with the G1 are tools to track the phone’s position on a Web page or via text coordinates you can plug into a map, and tools to show you other Android users within a 10-mile radius. Many of the downloadable applications have access to your phone logs and phonebook, and have permission by default to connect to the Internet.
Fix: For many people, these features are useful and welcome. But if you’re seriously interested in privacy, think twice before committing to the G1. We recommend waiting until Google tweaks the Android software to protect you better–or buying a different phone.