Let’s talk about some areas of mobile security that fly under the proverbial radar; Smishng & Greyware. These are terms that the 99.99% of users never hear nor understand the implications of these threats. Let’s break it down;
Smishing – SMS Phishing. This is a simple derivative of the common term “phishing”, which implies using social engineering to trick an unsuspecting user to provide information and/or access to sensitive content. This attack method is predominantly used in conjunction with banking/financial phishing attempts as users are more susceptible to fear-based motivation with regards to their financials.
Greyware – refers to mobile adware and nuisance-based functionality of apps. Malicious apps that have subroutines aimed at gathering sensitive information are on the rise. Tapping into location services, access to the microphone/audio, and having the ability to prompt the user with false notifications are common avenues of nuisance functionality that can be harmful.
It is important to understand that using a mobile device that stores sensitive information can be harmful if the actions of the user are unsafe. Considering the average user uses social media, online banking, and email on their mobile device – these are the three main avenues of attack vectors hackers will attempt to exploit. The financial gain from obtaining an email with its paired password will lead to the compromise of all three elements. This is because the average user uses the same email and password combination for all their services. Password variation is industry best practice for a reason, it is a step in the right direction to avoiding a security breach.
We must be vigilant, we must be ready, and most of all, we must be educated!