Mobile Phone Security
Mobile devices lacking the personal firewall, anti-virus software and other protections common today on personal computers, these devices can be vulnerable to a variety of security threats, including:
- Malware: A term for “malicious software” that is inserted into a system, usually covertly,with the intent of compromising the confidentiality, integrity or availability of the victim’s data, applications or operating system, or otherwise annoying or disrupting the victim
- Phishing: Luring unsuspecting customers to provide sensitive personal information or downloading malware through an email. Popular scams including phishing emails that appear to be coming from a FI and contain a link to a spoofed website; the site tricks victims into logging in using their personal credentials, which are then captured by the criminal.
- SmiShing: A contraction of “SMS (Texting) and phishing”, in which criminals pose as a Financial Institution and use SMS in an attempt to gain access to confidential account information. The typical scam informs the mobile device owner that the person’s account was compromised or credit/ATM card was deactivated. The victim is directed to call a phone number or visit a spoofed website to reactivate the card. Once at the website or through an automated phone system, the victim is asked for card, Pass code and/or account numbers.
- Vishing: A contraction of “voice and phishing”, in which victims are tricked into disclosing sensitive personal information through a phone call or voice response unit (VRU).
- Best Practices for Mobile Banking
- Modify the phone’s settings so that only messages from authorized numbers are allowed.
- Add the FI short code and customer service phone number to your contacts and only initiate SMS and phone calls from your contact list. Do not reply to SMS messages that do not exist in your contact list.
- Do not click on links in SMS messages unless you initiated the SMS conversation with your FI.
- Do not call phone numbers not in your contact list. If you are unsure about a phone number, you may text “Help” to your FI short code and compare the phone numbers. Only call the numbers in your Help response or in your contact list to avoid Vishing
- Bookmark the FI’s mobile web site and only use this bookmark to access the site to avoid phishing.
- Avoid using unsecured, public WiFi networks to access financial accounts with mobile devices.
- Always use your cellular network when conducting mobile financial services.
- Only download apps from stores, such as Apple & Android, that are submitted and branded by the FI.
- Finally, know that FIs will not ask users to provide confidential information over an email or SMS message.
- Always use your cellular network or a secured private network when conducting mobile financial services.
- Do not access Mobile Financial Services from a “jail broken device”
Dangers of Jailbreaking your Mobile Phone
- Jailbreaking makes your iPhone, iPad or iPod touch an easier target for malware. It completely removes the walls that Apple built into both iOS and the iTunes App Store. Most documented malware for iOS has affected only jailbroken devices.
- You really don’t know how secure your device will be after it’s been jailbroken. That’s because you’ve fundamentally changed the whole operating system.
- There’s no longer any antivirus software available for the Apple iOS, and the few products that did exist were limited in their abilities.
- As a result, if you jailbreak your iPhone, you’re on your own. There’s no program that can protect you from infection, other than iOS itself.
- Jailbroken apps are not always supported in new versions of the Apple iOS, and each system update pushed out by Apple usually will erase jailbreaks and apps that depend on them. You will have to jailbreak the device again, reinstall the unauthorized apps and hope they all still work.
- Buggy unauthorized apps can crash an iPhone or iPad or even “brick” them — render them unusable.