| Individuals October 26, 2015

October 26, 2015

The ways we accidentally give over our information on mobile

By Lookout

Smartphones are pretty great, aren’t they? They’re small, portable and give us access to a world of information literally in our pockets.
But mobile devices’ small form also means we interact with them pretty differently than desktop computers. In fact, studies have shown that users are 3x more likely to click on a malicious link from their smartphone than a PC!
Enter, phishing
We’ve all received phishing emails: they are typically designed to look like messages from banks, credit card companies, and similar organizations. The emails often have urgent subject lines requiring action to lure you to a phony website that looks—at least on a cursory glance—legitimate. Think: “Please verify your account” or “2nd Collections Notice.”
After clicking on the link and believing that you’ve landed on the organization’s actual website, you may enter in your username and password—unknowingly disclosing your private information to scammers.
Tricky business
While phishing isn’t new, it does have unique repercussions when you receive malicious communications on mobile—and attackers know this. For one, it’s hard to see if a link is actually legitimate. On a PC, you can hover over a link to determine if it will redirect to a suspicious looking address, but on mobile that’s not the case.
It’s also harder to spot if you’re on a suspicious website, if you do end up clicking through. For instance, if you’re on a large monitor you may pick up on a URL reads “usbanki.com” instead of “usbank.com,” but on a mobile device it is much more difficult to spot this distinction. On PC you can also look for the “HTTPS” at the front of a URL, indicating that it is using a secure connection, but this is also not immediately evident on mobile where you have to click on the address bar and scroll to the front of the URL to determine if the site uses HTTPS.
Even incredibly tech-savvy people can fall prey to these schemes. The result? Your sensitive information gets in the hands of attackers who will likely use it for their gain.
Don’t get phished—get savvy
To avoid getting phished on mobile, the best thing is to avoid clicking on email messages and links that just don’t look right. Messages requesting your password, login details, or other important financial information should especially raise red flags. Know that your favorite social network, bank, or insurance company—basically any company that deals with sensitive information—will never ask for your password or other personal data via email.