Sara Morrison, an author of many Internet-related articles for Vox, wrote a piece in the January 2020 issue on how hackers stole $13,103 from her bank accounts. She wrote the piece as a warning that even cautious people like her can still be tricked into replying to texts, emails, or phone calls that give cyberthieves what they need to steal critical personal data. This data can be used continuously for additional thefts. This was a humbling experience for her since she is both a researcher and practitioner of Internet safety. Yet, as I pointed out in Part II of this article series, cyber thieves work full time to uncover better ways to deceive and convince computer and mobile device users to click on apparently legitimate message links which are connected to dangerous web pages or downloads.
Experts point out that the vast majority of successful cyber thefts and hacks are completed with victim participation and cooperation.
Research by Stanford University Professor Jeff Hancock and security firm Tessian showed that 88% of data breaches were from employees’ mistakes.
“Human error was a major contributing cause in 95% of all breaches.” — IBM Cyber Security Intelligence Index Report.
“98% of cyber attacks rely on social engineering,” according to cyber security company PurpleSec.
Being watchful and learning what new fraudulent techniques are trending is an ongoing process for a cybercriminal since he makes his living learning about consumer and employee habits, who they trust, and when they are most likely to make a mistake and allow a phishing or smishing attack to go through. As the weeks and months go by, new attacks are tested and the ones that are more successful become common. Cybercriminals watch the news and darknet chatter and jump on the bandwagon when they learn about successful scam tactics and strategies. Luck is not enough to protect you against smishing and phishing attacks. Good security habits will greatly lower your chances of being a victim of such an attack.
The term “Zero Trust” is appropriate here, for mobile phone users and employees alike. IBM’s corporate website defines it well. “Zero Trust is a framework that assumes a complex network’s security is always at risk to external and internal threats. It helps organize and strategize a thorough approach to counter those threats.” You might say, “Well I trust my family and friends. Also, I get calls, texts, and emails on my phone from my employer. I can’t just stop communicating with them.” Zero Trust means that employees and consumers do not trust strangers or links they have not used before, even if the link has been sent by a friend. Vet all links for legitimacy first. This also means that unless a person or organization absolutely must know your Social Security number, phone number, Driver’s License, Credit Card number, etc., don’t give it to them.
Here is why email and especially text are increasingly used by cyber thieves to steal from you. Your guard is down when you think you are communicating with a trusted source. Your guard is also down when you are feeling rushed to respond to an email or text because it appears urgent – your emotions are in a heightened state, and your logic is overruled.
Proofpoint, a well-respected business cybersecurity firm, has an excellent yet concise article on how spam and email attacks are successful and how to avoid being a victim. Both employees and consumers are victims of the manipulative tactics called “social engineering,” and this article, What Is Social Engineering?, is definitely worth the read as it will help you prevent these attacks at work and home.
Keep your personal and direct employee phone number off social media and all online sites if possible. Why make it easy for cyber thieves to make you a victim?
A text scam gets mobile phone users to download malware into their phone or provide private information about themselves so the cyber thief can access and steal money from their financial accounts or at minimum steal their data to resell to another criminal. According to Robokiller, a top computer and mobile device protection service, fraudulent spam calls increased 58% last year, causing over $10 billion in losses. The following were the top 5 text scams in 2021:

| Text Scam Type | Number of scam attempts | Percentage of total text scams |
| --- | --- | --- |
| Delivery announcement or problem | 23,076,811,343 | 26.3% |
| Covid-19 kits, testing, vaccinations | 5,696,455,112 | 6.5% |
| Bank account problems, etc. | 3,071,087,772 | 3.5% |
| Apple & hardware sweepstakes | 2,601,735,612 | 3% |
| Healthcare related | 1,060,272,839 | 1.2% |
Robocalls cost businesses and people over $30 billion in losses last year. The top 87 billion scam robocalls were related to vehicle warranty, health insurance, social security, student loans, and religion.
The US Postal Service states on their website that “USPS will not send customers text messages or e-mails without a customer first requesting the service with a tracking number, and it will not contain a link.” So, don’t click the link on any emails from USPS.
Remember that honest companies will not request information about your accounts by text.
How to Protect Against Phone Bank Fraud
Kyle Chivers of NortonLifeLock says, “Treat your personal information like it’s cash,” because that is how hackers think of it. Once you do this you will be more mindful of your actions and less likely to be conned. Do not reply to any communications by email, text, or phone that you did not initiate a few moments before. If they seem as if they might be honest, vet them first by researching the phone number and email address to see if they match the contact data on a legitimate company, government agency, or non-profit website. Email and text links can download malware into your mobile devices or computer or take you to fraudulent sites that steal your information. Usually, banks and credit card companies have policies to guarantee their account holders against fraud and theft. But if the account holders initiate a transaction giving fraudsters access to their bank account or credit card, the account holders might void the company policy guarantee. This is because the account holders voluntarily participated in the fraudulent activity (even though they were tricked into doing so) and lose the chance of being compensated by the financial institution.
Do you have friends who don’t balance their checkbook but just close their account and open up a new one when their checkbook gets too far off the total on their monthly bank statement? It may be a boring process and a hassle but reviewing your bank and investment account statement monthly and correcting errors is an important part of detecting fraud as well as giving you a reality check as to where you are financially. It is also a good practice to ask the bank how to activate fraud detection and any other security measures they recommend. Take these steps to strengthen the protection of the money you worked hard to earn.
People can keep themselves safe by not doing financial transactions or replying to uninvited inquiries with mobile devices. But given that some people will use these devices anyway for this purpose, they need to train themselves to be aware of current cybercrime methods that can be used against them.
If you need to engage with banks, investment accounts, etc. with mobile devices then being cautious must be a priority. Below are several rules to follow according to security experts.
Avoid the temptation of convenience and do not keep credit card or banking information on your mobile devices.
This includes keeping passwords and financial information off your devices as well. Hackers cannot steal information that is not on your device even if they somehow load malware onto it.
Turn off your phone Wi-Fi when away from work or home so it does not connect automatically when it detects Wi-Fi networks. Don’t enter any sensitive information over public Wi-Fi.
Make it hard for hackers to access your account. Use two-factor (2FA) authentication wherever possible.
Do Not Blindly Download Apps (even from the Apple or Google Play stores)
A.J. Mojaddidi, a security expert with Key Cyber Solutions, said, “Most recently they (hackers) are coming through on mobile devices.” He added, “They are actually coming in through apps. One way they come in to get your banking information–you go to the app store to download an app that looks like your bank app, but it is really not. It is a fake app that asks for your credentials and now the hacker has it.”
Technologies that Protect You from Attacks
Buy a quality VPN and activate it on all your home computers and mobile devices. This is the most powerful technical security method available. By encrypting Internet connections on all personal and work devices with a VPN, no cybercriminal can see the data you send or access.
Install highly rated, comprehensive anti-malware software on your computer and mobile devices. These detect and remove dangerous items and warn you when websites may not be safe to visit. If the anti-malware does not provide a firewall, install one, since a firewall secures your computer and mobile devices in ways that anti-malware cannot. The best software will block suspicious downloaded files, apps, and websites while preventing spyware from seeing texts and emails and listening to calls.
Keep your operating systems for Apple, Windows, or whatever you are using up to date. Enable automatic updates or accept them for installation when new ones are available. Do the same for your important apps.
In your phone settings, block your apps from accessing your contacts, microphone, or camera. Do not make it easy for cybercriminals to sneak into your mobile device this way.
Out of date web browsers have less protection from cyberattacks. Newer versions of browsers have new security protections installed.
If your anti-malware software does not have it, download a highly rated password manager such as Keeper, Dashlane, LastPass, or Zoho Vault. If you do not do that, then create strong and unique passwords with random numbers, letters, and special characters. Most people use easy-to-guess passwords or use the same password for various accounts or websites. Hackers know this and use bots to continuously attempt logging into online accounts from the huge and growing databases they build by breaking into huge data silos of organizations containing emails and passwords.
Services to Protect You from Spam and Email Attacks
An easy step-by-step article on how to sign up on the FCC Do Not Call List and how to stop smishing is at this link on the Proofpoint website. You will have to reapply again every few years.
AT&T, T-Mobile, Sprint, and Verizon all provide a free service labeling robocalls onscreen so you can ignore the call. There is also a setting in most cellphone plans that allows you to block any number from calling you again. Just don’t answer calls or spam from strangers. If they don’t leave you a message that you can vet for legitimacy, then block the number and delete the message.
The Ways to Protect Yourself from Stalking Devices (Locational Trackers)
My previous article, How Do Cybercriminals use Your Cell Phone to Steal from You? High Tech Stalking Part II, revealed the many security threats from location trackers but did not address in depth various ways to protect yourself from these dangers.
Bryan Aulds of Privacypros.io wrote a comprehensive article, How to Block Your Phone From Being Tracked, which provides solutions to prevent tracking by hackers, apps, phone service providers, and even government agencies. This article is excellent as it shows how to block cellphone tracking, prevent keyless car theft, and prevent credit card skimming.
SMS is the most widely used texting method in the world and unfortunately, it is very insecure. Hackers can easily track the current location and location history of people who use SMS texting apps. So, are there solutions? Yes.
The best apps with end-to-end encryption are Signal (it is the best and most used), WhatsApp for Facebook users (yet Facebook still collects and sells your data), and Telegram (but you have to manually turn on encryption). All these apps are free to use. iMessage is free to send texts between Apple devices but charges a fee to send messages to Android 4.4 or later version users.
Some people need to use SMS texting to communicate with a greater number of people but are more likely to receive online attacks. These people have jobs as journalists, business leaders, politicians, activists, or IT administrators. The good news is there is a tech solution that can help protect them. Cameron Summerson, an author of over 4000 articles on technology, wrote an in-depth how-to article on this tech solution called What is Google Advanced Protection and Who Should Use It? The app Google Advanced Protection is free. It is a bit of a hassle to use and also requires purchasing a hard security key which varies in cost from $18 to $30. For all encryption apps above it is important to remember that if the recipient of a text message does not have the same private app as you, the message will either be sent to them unencrypted via SMS or not be delivered at all.
Find Hidden Trackers Secretly Placed on Your Car or in Your Purse
My Part I in this series on High Tech Stalking showed how Apple AirTags and other devices are used by criminals to track people to their homes, work, or travel routes and steal from them or invade their homes. However, there are ways to detect hidden tracking devices. Apple notifies iPhone owners if a stranger’s AirTag is near them. What about Android phone owners? Chris Hoffman, the Editor in Chief of How to Geek, wrote a detailed and clear piece on how to detect Apple AirTags with an Android phone. For all location trackers (and there are many) GPS Technologies wrote a concise article on how to find active and passive tracking devices hidden on your car. Passive tracking devices do not emit a signal and will require you to search the various areas of your vehicle to locate them, which this article specifies. Active devices can be found in the same way as described in the GPS Technologies article above, but bug sweeper devices (and there are many) such as the highly-rated JMDHKK Anti Spy Detector are effective.
Mindset is More Important Than Any Anti Spy Device
Rick Broida of the online tech journal CNET says, “The price of online security is eternal vigilance.” Cybercriminals work full time to improve their attack methods and trick people into falling for their scams. Computer and mobile device security is always improving, yet as cyber thieves know, the vast majority of data theft and downloading of malware occurs because of consumer and employee cooperation. People don’t see themselves as victims when they believe they are dealing with a trustworthy source. Social engineering is a fancy-sounding term, but it is just an ever-evolving psychological process of testing and seeing what methods can be used to rush, pressure, or fool victims to neglect to take standard security precautions, allowing hackers to get what they want.
The best attitude to have is to be as careful with your personal information as you are with your cash.