Hacker’s objective: mobile devices.

According to a recent study of the Spanish National Commission on Markets and Competition (CNMC) of March 2021, there were more than 54 million mobile lines in Spain. Nowadays, we use our smartphones (both corporate or personal) for a wide range of tasks, such as checking emails or information, watching films, listening to music, making bank transfers or payments… In short, we browse more the Internet from our mobile devices than from desk ones.

The world is definitely for mobiles.

These figures expand the range of possibilities for cybercriminals. Therefore, they have focused on these devices and have specialised in how to attack them, that is, it does not differ much from what was already happening, and what happens in desktop devices, there is simply a larger niche.

Almost every week, we hear news about scams that come in the form of a message or trojan whose intention is to steal the contact list, use our mobiles as a platform for mass sending of messages (spam) and, in the worst case, steal more sensitive information like our bank details.

First, money.

The basic principle on which all these malicious applications are based is none other than obtaining an economic benefit from the unwary user. This is achieved through:

• Trojans, which in some cases use smartphones to forward two-factor authentication codes.

• Ransomware, hijacking stored information and asking for a ransom to regain access to it.

In the case of companies, data are the target.

It is difficult to obtain access to bank data at the corporate mobile phones level. However, hackers can access precious corporate information or carry out cyber espionage through mobile phones to sell the information obtained to unscrupulous competitors.

In the case of companies, a key factor to avoid this type of situation is the continuous training of their employees in cybersecurity.

Phishing: simple but effective.

Sending emails that include a deceptive link is still the technique most used by cybercriminals to obtain access data (users and passwords) to different services of the victims.

In this case, there are no trojans or applications. It is the user who provides their access data through this fraudulent link, which takes them to a website that pretends to be that of their bank, their mail client, etc. There, they provide all their access data to the hacker in question.

Six basic recommendations.

If you want to keep your mobile safe, follow these six simple recommendations:

1.- Keep all your mobile applications updated.

2.- Do not install applications that are not available at the AppStore or Google Play, much less from links sent by email or message.

3.- Install a paid antivirus that includes specific protection for mobile devices.

4.- Use trusted Wi-Fi networks and avoid using public Wi-Fi and only if it is not possible to use mobile data.

5.- To avoid phishing, never click the link attached to any email or message informing of a report with your bank or email account if you have any doubt. Verify the sender and, if you still have doubts, contact the entity who sent the message by any other mean, for example, by calling our bank office to check the information.

6.- Despite these recommendations, putting them into practice does not ensure that you are 100% protected. Therefore, it is also advisable to make backup copies regularly.