Our phones and tablets go with us just about everywhere—and that makes them prime targets for phishing, whereby hackers try to lure you into giving up personal information. What you might not know is that these malicious attacks look different on mobile devices than they do on home computers. Here’s what to watch for, so you don’t get hooked.
INVISIBLE LINKS
When we see an email from the boss on our computers, it’s easy to verify
the sender by looking at the full email address. But email on many mobile devices shows only the user’s name. Same goes for any links within the message itself. We’re all taught to “hover” over the link to see the full web address. Turns out, that’s not a feature on mobile. Even in texts and messaging apps, if you weren’t expecting contact from that sender, be wary of clicking on anything. Better to wait until you can confirm it’s legit on your computer.
SUSPICIOUS TONE
Is the sender requesting personal information, being secretive or asking for a snap decision? These are hallmarks of phishing in every form. They’re even more prevalent on mobile devices because we tend to trust them more than our computers. If a message says you’ve won a contest you didn’t enter, offers free money, or threatens to lock your online account, don’t believe it. Just delete it.
WHO’S CALLING?
Phishing attempts can also happen through a phone call. Canada Revenue on the line? Probably not. (The agency actually has a policy not to phone you.) Be skeptical of calls from unknown numbers, or the one-ring missed call originating from afar. Those can bait you into a callback that reroutes you to a premium-rate number, which can cost you hundreds of dollars in fraudulent charges. Better to let that one go to voicemail—and if they don’t leave a message, ignore it or block the number.
MORE TO READ
The three most common phishing scams in cyberspace today
YOUR FRAME OF MIND
Scammers are counting on you to be on-the-go with your phone or tablet. They want you to make a rush decision on a seemingly urgent plea. Slow down, think about the content and verify what you can. It might just save you from being phished.
WHAT TO DO
For more information about how to protect yourself from scammers, check out The Little Black Book of Scams at competitionbureau.gc.ca. And if you think you’re the victim of phishing, report it to the police, then call your bank, credit bureaus (Equifax and TransUnion), as well as the Canadian Anti-Fraud Centre (1-888-495-8501).
NAME THAT SCAM
Three more ways scammers target your mobile device
1. SMS spoofing: Bogus text messages that want you to click a link or download an app—to secretly install malware on your device. Alternatively, you may be told to contact “customer support,” in the hope you’ll then offer up personal information.
2. Social phishing: Like text scams, messages sent to your social media accounts encourage you to watch a video, view an image or make a new connection. Clicking through may take you to a seemingly legit (but fake) login screen seeking your account credentials.
3. “Evil twin” Wi-Fi: At locations with publicly available Wi-Fi (e.g. hotels, cafés and malls) hackers can set up fraudulent access points that look like the real deal—and then eavesdrop on any devices that have unwittingly connected to them.