{"id":133045,"date":"2020-12-14T16:00:46","date_gmt":"2020-12-14T13:00:46","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/"},"modified":"2020-12-14T16:00:46","modified_gmt":"2020-12-14T13:00:46","slug":"why-cyber-criminals-love-cellphones-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/","title":{"rendered":"#Why Cyber Criminals Love Cellphones \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3c55af521cd\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3c55af521cd\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#The_Cellphone_As_a_Target\" >The Cellphone As a Target<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#Apps_and_Data_Leaks\" >Apps and Data Leaks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#Choose_Your_Phone_Brand_Carefully\" >Choose Your Phone Brand Carefully<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#Smishing_Attacks\" >Smishing Attacks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#Loss_of_Devices\" >Loss of Devices<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#SIM_Swapping\" >SIM Swapping<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#Public_Wi-Fi_and_Network_Spoofing\" >Public Wi-Fi and Network Spoofing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#Its_a_Computer_So_Patch_It\" >It\u2019s a Computer, So Patch It<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/why-cyber-criminals-love-cellphones-cloudsavvy-it\/#Dont_Forget_the_Users\" >Don\u2019t Forget the Users<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Why Cyber Criminals Love Cellphones \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure id=\"attachment_8557\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8557 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/308a69cf52db3bd76bc9620627266ed4\/p\/uploads\/2020\/12\/125d19da.png\" alt=\"\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/woman-hand-using-smartphone-wifi-icon-1166136358\" data-credittext=\"Shutterstock\/antstang\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/woman-hand-using-smartphone-wifi-icon-1166136358\">Shutterstock\/antstang<\/a><\/span><\/figcaption><\/figure>\n<p>Safeguarding your data by protecting your computers? Great. Don\u2019t forget the one in your pocket that you make calls on. Cellphone cybercrime figures increase every month. And that\u2019s really no surprise.<\/p>\n<h2 id=\"the-cellphone\"><span class=\"ez-toc-section\" id=\"The_Cellphone_As_a_Target\"><\/span>The Cellphone As a Target<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Some cyberattacks are targeted at a specific individual or company. The victim is selected because they are a high-value target to the threat actors.\u00a0<em>High value<\/em>\u00a0most often means rich financial gains for the threat actors. But sometimes their goal is to exfiltrate sensitive or private documents, intellectual property, or industrial secrets. Occasionally, the entire motive is to cause trouble for the victim. Hacktivists, for example, will try to destroy the victim\u2019s IT systems and information. They want to cause operational and reputational damage to the victim. High value doesn\u2019t always mean money.<\/p>\n<p>Often the attackers are sophisticated\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Organized_crime#Cybercrime\">organised crime<\/a>\u00a0cyber groups or state-sponsored\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_persistent_threat\">advanced persistent threats<\/a>\u00a0groups (APTs). Many of the attacks they launch are against knowledgeable, well-defended targets, and are very difficult to accomplish. They require significant financial backing, top-tier technical skills, a lot of man-power, and operational guidance and control.<\/p>\n<p>The recent attack on\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.fireeye.com\/\">FireEye<\/a>\u00a0is a case in point. The attack\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/edition.cnn.com\/2020\/12\/08\/tech\/fireeye-cyberattack\/index.html)\">was so sophisticated<\/a>\u00a0that investigators believe the perpetrators are a state-sponsored APT. The value, in this case, was stealing the software tools that FIreEye uses to probe its customers\u2019 cyber defenses.<\/p>\n<p>By contrast, other cyberattacks try to snare as many victims as possible. No individual target is singled out. The threat actors are playing a numbers <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a>. The more shots at goal they have the more often they\u2019ll score. So it is inevitable that their attention has turned to cellphones. The numbers are staggering.<\/p>\n<p>With that size of a target, it is inevitable that cybercriminals are using and developing attacks to compromise cellphones and monetize their efforts.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Apps_and_Data_Leaks\"><\/span>Apps and Data Leaks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cellphones can run <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>s. It\u2019s one of their biggest attractions. They\u2019re easy to install and the majority are free. Unfortunately, they can be a cause of data leakage. The developers of the apps need to make money. If they are not charging for the app you have to ask yourself how are they funding development.<\/p>\n<p>The answer is probably by selling information about you, such as your phone and app usage statistics, your contacts, communications, browsing habits, geographical location, your installed apps, and more. The worst examples of these apps will also capture login credentials and passwords for websites you visit, VPNs that you use, and so on.<\/p>\n<p>Riskware is the name used for free apps that offer to do something entertaining or useful\u2014and actually deliver on that promise\u2014but secretly siphon off information and send it back to the app publishers to be sold to advertisers or criminals.\u00a0Riskware is different from a cellphone becoming infected with covert malware. With riskware, the owner of the cellphone chooses to install the app and is aware that it is going to be added to their device.<\/p>\n<p>With the steady blurring that is happening between people\u2019s personal digital lives and their corporate digital lives, most users will be able to get their personal and their business email on the same phone, and it is common for people to juggle multiple inboxes on the same device, often in a blended view.\u00a0Riskware, or other more malicious apps, will happily harvest data whether it is personal or corporate.<\/p>\n<p>Staff who haven\u2019t been issued with a corporate cellphone will have a private cellphone, and they\u2019ll bring it to their place of work and want to connect to the Wi-Fi. Personal cellphones should be relegated to the guest Wi-Fi or to another Wi-Fi segment set up for employees\u2019 personal devices. They must not be allowed to connect to the main network.<\/p>\n<p>To govern which apps can be installed onto corporate devices you can use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Mobile_device_management\">mobile device management<\/a>\u00a0(MDM) software. This allows you to establish allow lists and deny lists of apps, to track the location of stolen cellphones, and to remotely wipe them if required.<\/p>\n<p>MDM systems can block known bad apps and query unknown apps. Once vetted, the apps are either permitted or blocked. The hard part is to do this in a way that doesn\u2019t overwhelm technical staff and that doesn\u2019t grate on your users. A centralized management system and clear guidance provided when the cellphone is allocated will help on both fronts.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Choose_Your_Phone_Brand_Carefully\"><\/span>Choose Your Phone Brand Carefully<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/uk.reuters.com\/article\/us-usa-china-contracting\/u-s-federal-contract-ban-takes-effect-for-companies-using-products-from-huawei-others-idUKKCN25928Y\">well-documented ban<\/a> prohibiting US federal contracts from being awarded to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.huawei.com\/en\/\">Huawei<\/a> and several other Chinese companies is based on suspicions that the Chinese government could\u2014using provisions in China\u2019s 2017 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/uk.reuters.com\/article\/us-china-security-lawmaking\/china-passes-tough-new-intelligence-law-idUSKBN19I1FW\">National Intelligence Law<\/a>\u2014coerce manufacturers to plant back-doors and other spycraft mechanisms into their products.<\/p>\n<p>That may be a clear and present threat, but government-sanctioned backdoors aren\u2019t the only type of built-in snooping techniques that can find their way into devices right at the factory.\u00a0 A recent case saw <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.indiatoday.in\/technology\/news\/story\/gionee-found-guilty-of-infecting-20-million-of-its-phones-with-malware-to-profit-from-users-1747111-2020-12-06\">four Chinese nationals<\/a>\u00a0involved with Chinese budget cellphone manufacturer Gionee sentenced for doing just that. It wasn\u2019t motivated by loyalty to the state\u2014or from fear of reprisals for not complying with government orders\u2014it was a simple case of financial gain.<\/p>\n<p>Xu Li, the legal representative of Gionee subsidiary Shenzhen Zhipu <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">Technology<\/a> colluded with Zhu Ying the deputy <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a> manager of Beijing Baice Technology, and two of Beijing Baice\u2019s software developers to install a version of the Story Lock Screen app that was a trojan app. It downloaded and installed a powerful <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Software_development_kit\">software development kit<\/a> (SDK) that allowed them to control the cellphones once they were infected. Over 20 million cellphones were compromised in this way.<\/p>\n<p>There is no evidence that Gionee was aware or involved. It appears to have been a supply chain attack perpetrated by insiders in the supply chain. In just under a year the two companies made over USD 4.25 million by sending adverts to the cellphones. Being the victim of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Adware\">adware<\/a> is bad enough, but the same techniques could be used to deploy more insidious strains of malware such as keystroke loggers and other spyware.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Smishing_Attacks\"><\/span>Smishing Attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Phishing attacks are fraudulent emails that masquerade as emails from well-known organizations. They are designed to coerce the recipient into performing some action to the benefit of the threat actors. Usually, this means opening an attachment or clicking a link. The aim might be to infect the victim\u2019s computer with malware or to try to harvest login credentials.<\/p>\n<p>Smishing attacks are phishing attacks delivered by SMS message instead of email. This delivery method has several advantages for the threat actors:<\/p>\n<ul>\n<li>They don\u2019t need to dress the message in the colors, fonts, and other trappings of corporate livery to make it look convincing.<\/li>\n<li>People expect SMS messages to be short and sweet. They don\u2019t expect to be told the entire story in the SMS. It is commonplace to click a link in an SMS to learn more and to get the finer detail.<\/li>\n<li>People will more readily overlook poor grammar and misspellings in an SMS message. We\u2019re all used to predictive text mishaps and while this shouldn\u2019t happen in a corporate SMS message, that conditioning makes us more forgiving with that type of error than we would be in a corporate email.<\/li>\n<li>In the space-restricted world of SMS messages, shortened URLs are the norm. And shortened URLs can be used to hide the real destination of the link.<\/li>\n<li>It is easy to fake\u2014or <em>spoof<\/em>\u2014the number that sent an SMS message. If you receive an SMS from a telephone number that matches a contact in your address book, your cellphone will believe that is who sent it. The SMS messages will be identified as having come from that contact and it will be placed in the conversation list for that contact, alongside all of the genuine messages from that contact. All of that adds to the illusion that the message is genuine.<\/li>\n<\/ul>\n<p>End-point protection suites usually have clients for cellphones, and these will go some way toward preventing malware installations. The most effective defense. of course. is to train your staff to be aware of smishing, to recognize the fraudulent messages, and to delete them.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Loss_of_Devices\"><\/span>Loss of Devices<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Losing a cellphone puts a tremendous amount of information about the owner of the phone at risk. If the phone has <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cnbc.com\/2018\/10\/12\/kanyes-iphone-password-is-00000-heres-how-to-keep-your-phone-safe.html\">a poor password or PIN<\/a>\u00a0it won\u2019t take long for the threat actors to discover it. PINs based on significant dates are a poor choice. Clues to the dates can be often be found in your <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social media<\/a> posts.<\/p>\n<p>Using a strong password or PIN and turning on encryption are good measures to protect the data\u2014both personal and corporate\u2014inside your cellphone. Installing or configuring tracking options is a good idea so that you can see the location of the device. This can aid recovery.<\/p>\n<p>If you have added a Google account to your cellphone, Google\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/support.google.com\/accounts\/answer\/6160491?hl=en\">Find My Device<\/a> should be turned on automatically. Apple has a similar service called <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/support.apple.com\/en-gb\/guide\/icloud\/mmfc0ef36f\/icloud\">Find my iPhone<\/a>.\u00a0A third-party centralized system might better suit some corporate needs.<\/p>\n<p>The ultimate sanction is to remotely wipe the device. This requires Mobile Device Management software (MDM). You may already have some available to you. If your company uses Microsft 365 for example, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/redirect.viglink.com?u=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fadmin%2Fbasic-mobility-security%2Fset-up%3Fview%3Do365-worldwide&amp;key=204a528a336ede4177fff0d84a044482\">basic MDM is provided<\/a> for you.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"SIM_Swapping\"><\/span>SIM Swapping<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You don\u2019t need to lose your device to lose control over it.\u00a0When you buy a new cellphone you can transfer the existing number to the new device and activate that as your current \u2018live\u2019 handset.<\/p>\n<p>If scammers can gather some information about you they can ring your cellphone provider and have your number transferred to a handset that is under their control, in a sting called <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/SIM_swap_scam\">SIM Swapping<\/a>.\u00a0To make the transition to your new cellphone as smooth as possible, both Apple and Google will download copies of all your apps, settings, and data to the new handset. Unfortuantely, it under the control of the threat actors.<\/p>\n<p>A variant on this is to use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Social_engineering_(security)\">social engineering techniques<\/a> to obtain a (say) 5G SIM card for the victim\u2019s cellphone number, either online or at an outlet. The threat actor then calls the victim and pretends to be from the victim\u2019s cellphone provider informing them of a free upgrade to 5G. They tell them that an upgrade code will shortly follow. They then text the victim the activation code that came with the fraudulently acquired 5G SIM card. When the victim activates the service it doesn\u2019t upgrade their old 4G SIM. Instead, it ceases the service to it and activates the new 5G SIM. The threat actors have effectively cloned your cellphone.<\/p>\n<p>These are targeted attacks. The victims have something on their cellphones that make the effort worthwhile. The most famous cases of these have targeted cryptocurrency traders or individuals with high-value cryptocurrency accounts. Swapping the SMs allow their digital wallets to be accessed. Individual losses have amounted to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cnbc.com\/2018\/11\/21\/hacker-lifts-1-million-in-cryptocurrency-using-mans-phone-number.html\">tens of millions of dollars<\/a>.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Public_Wi-Fi_and_Network_Spoofing\"><\/span>Public Wi-Fi and Network Spoofing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cellphones and other mobile devices are great because of their portable nature, and because they let us get online wherever there is a Wi-Fi connection that we can join. But you need to be careful when you are on public Wi-Fi. Everyone who is using that Wi-Fi is on the same network, and the threat actors can use a laptop and some network packet capture and analysis software to snoop on what your cellphone is sending and receiving. So what you might have thought was private is not private at all.<\/p>\n<p>You shouldn\u2019t use public Wi-Fi if you are going to need to enter a password to log in to one of your sites or to check your email. Don\u2019t do anything sensitive like online banking or using <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.paypal.com\/us\/home\">PayPal<\/a> or any other payment platform. Don\u2019t do anything that will reveal any of your personally identifiable information. Checking the sports scores or catching up on the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> is fine. If you\u2019re doing anything else, you should always use a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Virtual_private_network\">Virtual Private Network<\/a> (VPN). A VPN sends your data down a private encrypted tunnel making it impossible for threat actors to see.<\/p>\n<p>For a couple of hundred dollars, threat actors can buy portable devices that act as <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Wireless_access_point\">Wi-Fi access points<\/a> (WAPs). They\u2019ll set up camp in a coffee shop or other public space, and configure their dummy WAP to have a\u00a0 name similar to the genuine free Wi-Fi connection.<\/p>\n<p>Unsuspecting victims\u2014usually those in a rush\u2014will connect to the threat actor\u2019s bogus Wi-Fi instead of the genuine free Wi-Fi. The threat actor\u2019s Wi-Fi is connected to the genuine Wi-Fi so the victim does get online, but everything that the victim types is captured by the threat actor\u2019s device. A VPN will keep you safe in this circumstance too.<\/p>\n<p>A reputable VPN is a must if you are going to be using public Wi-Fi for anything other than the most mundane web browsing. Of course, if you have a really high data quota in your cellphone package you might not need to join a public Wi-Fi at all.<\/p>\n<p>And while we\u2019re talking about public spaces, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.telegraph.co.uk\/technology\/2016\/05\/27\/beware-public-mobile-charging-points---your-phone-can-be-hacked\/\">avoid publicly shared cellphone charge points<\/a>. If they have been compromised they can inject malicious code into your cellphone.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Its_a_Computer_So_Patch_It\"><\/span>It\u2019s a Computer, So Patch It<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The modern cellphone is a computer in your pocket that you happen to be able to make calls on. It has an operating system, it runs apps, and you should have some sort of end-point protection suite running on it. All of these should be the current versions and kept patched up to date.<\/p>\n<p>This can be more of a challenge with Android cellphones than with other devices. Different handset manufacturers blend their own integrations into vanilla Android before distributing it. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/redirect.viglink.com?u=https%3A%2F%2Fwww.samsung.com%2Fus%2F&amp;key=204a528a336ede4177fff0d84a044482\">Samsung<\/a>, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.htc.com\/us\/\">HTC<\/a>, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/redirect.viglink.com?u=https%3A%2F%2Fwww.sony.com%2Felectronics%2Fphones%2Ft%2Fsmartphones&amp;key=204a528a336ede4177fff0d84a044482\">Sony<\/a>, and others all provide their own modifications to Android.\u00a0This slows down the release of Android patches because the patch has to be released to the manufacturers from Google, and then embellished by the third-party manufacturers before it is released to the end users.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Dont_Forget_the_Users\"><\/span>Don\u2019t Forget the Users<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Adopt good business practices such as app vetting, deploying encryption, and Mobile Device Management. Provide guidance to your staff so that they know the basic cyber-hygiene for cellphone usage. Tell your employees to:<\/p>\n<ul>\n<li>Use strong PINs, passwords, or fingerprint recognition.<\/li>\n<li>Always use a VPN on public Wi-Fi.<\/li>\n<li>Turn off Bluetooth and Wi-Fi when you\u2019re not using them.<\/li>\n<li>Be careful what apps you download. Research them first.<\/li>\n<li>Turn on backups.<\/li>\n<li>Avoid public cellphone charge points. Carry a booster battery instead.<\/li>\n<\/ul>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/8514\/why-cyber-criminals-love-cellphones\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Why Cyber Criminals Love Cellphones \u2013 CloudSavvy IT&#8221; Shutterstock\/antstang Safeguarding your data by protecting your computers? Great. Don\u2019t forget the one in your pocket that you make calls on. Cellphone cybercrime figures increase every month. And that\u2019s really no surprise. The Cellphone As a Target Some cyberattacks are targeted at a specific individual or company&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":133046,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/12\/125d19da.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-133045","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/133045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=133045"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/133045\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/133046"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=133045"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=133045"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=133045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}