Smart Consumer: How to protect yourself from smartphone fraud
Three sets of people were made very happy by the Christmas bonanza of smartphones, iPads and other mobile devices.
They are the receivers and sellers, of course -- but also the growing international army of high-tech fraudsters intent on scamming your money.
This week, people have been warned to be extra vigilant when they use their new devices. "When times are tough, fraud increases," says the British anti-fraud group CIFAS.
Smartphones and iPads
This Christmas has seen a boom in the sales of devices like Amazon's Kindle e-reader, which sold at the rate of one million per week worldwide during the Christmas shopping season, while Apple says it sold 13 million iPads over the same period.
In the smartphone market, Samsung recently overtook Apple as the world's biggest smartphone maker, selling over 27 million handsets during the third quarter of last year.
But new users may not be wise to the growing security risks of these devices.
"Mobile devices are like the 2011 version of the floppy disk or USB key -- a security nightmare," says Michele Neylon, chief executive of Irish web hosting firm Blacknight Solutions.
"People tend to forget that their mobile device can hold either confidential data or be set up to access confidential data, such as company email or online bank accounts etc."
Pat Phelan of Cubic Telecom, an Irish mobile network operator, recently fell victim to a smartphone fraud that targeted his iTunes account. The fraud was based on a sophisticated phishing scam that obtained users' passwords.
"These devices are essentially computers so opening any attachment from a non-recognisable source is an absolute no-no," he said.
Even downloading popular mobile apps now comes with an official warning. "If you are unlocking your smartphone, be ultra careful where you download apps from as they have been known to have key loggers inside," says Phelan.
Key logging software, which can be secretly installed on unsuspecting users' devices, logs the user's keystrokes, so hackers can figure out passwords.
People with Android phones have been particularly vulnerable to infected mobile apps in recent weeks.
The Android Market store, operated by Google, had a number of seemingly legitimate 'free' versions of premium apps. However, the downloads contained malware that sent premium-rate text messages to users.
Developers cloned or copied the apps' titles and added malicious code that caused the handsets onto which they had been downloaded to send and receive premium text messages without their users realising.
The apps were downloaded more than 10,000 times.
What can you do about it?
Check any apps you download on to new devices carefully for legitimacy. Be familiar with the names of developers behind popular apps, check their ratings and reviews, and check your mobile phone bill regularly.
Don't respond to texts that are not from people you know.
As well as the increased focus on mobile devices, fraudsters are also exploiting inherent security weaknesses in social media, including Facebook and Twitter.
A common fraud is to infect a user's computer with a virus that will, when they next visit a site such as Facebook, raid the user's 'friends' list. The virus then sends an email to each friend asking them to click on a link to view a photo or video. The friends trust the name of the sender, click on the link, and in doing so their computer becomes infected.
Last month, Lady Gaga was the victim of a targeted attack on her Twitter and Facebook accounts. Multiple messages, seemingly from the singer, offered free iPads to her Twitter and Facebook followers.
"Social media networks are increasingly being exploited," says Neylon. "There are a lot of different ways of doing it; everything from tricking people into clicking on links, installing third-party applications or giving applications access to their account so that an app can post on their behalf."
Many people would think it important to protect their online bank account data and login details, but they don't feel the same way about social networking sites and end up using weak passwords, he says.
"People leak a lot of information about themselves via social networks like Facebook and Twitter, so it's a nice 'back door' for fraudsters," says Neylon.
What can you do to stop it?
Make sure your Facebook is 'locked down', and do not allow random people to view your list of friends or other details, even if these seem fairly innocuous. Remember that information such as your birthday could be valuable to a fraudster -- your date of birth, for example, is a routine security question.
Do not click on strange email attachments -- even if they purport to come from friends. If the text of the email sounds wrong in tone for a friend of yours, then think before you click.
Krishna De, a social media consultant, has a further security tip for those accessing social media from new smartphones they received for Christmas.
"Many people do not password-protect their phones, so you could look to install software that will lock and wipe your device if stolen."
'Card not present' fraud
With more and more of us shopping online, so-called 'card not present' fraud is a big risk. You'll realise that you've been a victim of this type of fraud either when you receive a huge credit card bill, or when large debit card purchases that you don't recognise push you into overdraft.
Such fraud can be perpetrated over the internet as well as by mail or over the phone -- and in the majority of cases, all the fraudster needs is your card number and sometimes the three digits on the back. So it is important to be on your guard.
Martin Warwick, fraud expert at analytics provider FICO, says that Verified by Visa and Mastercard Securecode -- whereby customers enter a password when shopping online -- are meant to protect consumers.
However, he added that these systems were "static rather than dynamic", meaning that fraudsters could gain access to them.
What can you do to stop it?
Keep your card data safe and do not give out your PIN on the phone. Enquiries from your bank will not ask you for your entire PIN -- just selected digits.
Ensure your secure codes are truly secure: don't give them out, and make them as complex as possible.