How to outsmart smartphone scammers
Your smartphone is your confidante, your hand-held connection to the world — and one of your biggest vulnerabilities.
Scammers can take advantage of day-to-day tasks that seem innocuous, such as checking a bank balance or charging a phone at a public USB port, to exploit personal information for their profit.
To keep that data safe, start by understanding the threats. Your phone has three main areas of vulnerability: its hardware, its software and your phone number. Each carries a risk, but there are steps you can take to mitigate them.
A four-digit passcode alone isn’t enough to secure your phone’s hardware from intruders.
One weakness comes from the charging port. Think twice before plugging into a public USB jack for a quick charge at a cafe or airport.
“Any time you’re using a mobile port, you can be vulnerable to viruses or malware if you’re sharing it with other people who are plugging in their devices,” said Lisa Schifferle, ID theft program manager at the Federal Trade Commission.
Using a public charging port at an airport is like “finding a toothbrush on the side of the road and deciding to stick it in your mouth,” Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security, recently told Forbes.
Hackers can modify these ports to install malevolent software, or “malware,” on your phone. Once installed, it can transfer your phone’s data to hackers. The hacked USB ports can also directly suck up your phone’s information.
To avoid the risk, use your USB cord with your own charging block that can plug into a standard electrical outlet, or use an external battery pack [which are convenient for recharging anywhere].
For daily security, go beyond the four-digit passcode if possible, said Gary Davis, chief consumer security evangelist at the cybersecurity company McAfee.
“Passcodes aren’t as effective as biometrics, like fingerprint readers or facial recognition software, because people can do shoulder surfing to see your passcode and get into your phone if they steal it,” he said.
Software and network risks
Scammers can also target your personal information using unsecured wireless networks and software vulnerabilities.
— Network risks: Be wary of public Wi-Fi networks. “We advise against using public Wi-Fi, but if you’re going to use it, avoid logging in to sensitive accounts,” said Allen Spence, director of product leadership at IDShield, an identity theft protection company.
To protect yourself from inadvertently using insecure Wi-Fi networks, adjust your phone settings to avoid auto-connecting to Wi-Fi.
— Software: Hackers can exploit vulnerabilities in phone software. Schifferle of the FTC suggests consumers routinely check for and download software updates for their phones, because updates often include security patches.
Phone number scams
There are two common ways that scammers target your phone number: robocall scams and phone number theft.
— Robocalls: U.S. consumers fielded nearly 48 billion robocalls in 2018, according to an estimate from robocall blocking service YouMail. That was a 57% increase from 2017.
A common scam comes from supposed representatives of the Social Security Administration calling to say your benefits will be cut if you don’t give them your personal information.
If you get a call from a number you don’t recognize, don’t answer. That’s the best way to ensure you don’t get caught up in a phone scam. And know that government agencies like Social Security and the IRS won’t call you out of the blue seeking your personal information.
“You should never give out personal info or money unless you have initiated the call,” Schifferle said. If you answer a call and realize it may be a scammer, hang up, she advised.
If you suspect your personal information has been stolen by scammers, file a report with the FTC at identitytheft.gov.
— Phone number theft: Scammers are stealing phone numbers, which can leave you vulnerable to other forms of identity theft.
The scam is clever: A malevolent actor calls your cellphone carrier pretending to be you, and after confirming some key information, such as your mother’s maiden name, transfers your phone number to their device. You may not find out this has happened until you go to make a call and find that your SIM card has been deactivated.
Because phone numbers are often used as security keys, hackers may be able to get into many other accounts once they have access to your phone account.
Make it harder for scammers to penetrate your account by avoiding common security questions, Davis said. “When you set up your security questions and answers, make sure you’re using really challenging questions that are going to be hard for others to figure out.”