Cybercrime has been around since there was a cyber world to abuse, with criminals stealing information, money, and identities, shutting down businesses, and compromising security all over the world. As more and more of us have taken to using our mobile phones for browsing the web, banking, and shopping (smartphone-only mobile commerce was up 221% this Thanksgiving), the risk of cybercrime grows ever larger on mobile devices, which criminals are increasingly eyeing as a promising new source of revenue. Thankfully, mobile cybercrimes are still relatively rare, but in recent years major security scares, viruses, and other mobile crimes have become bigger issues, and it's only a matter of time before mobile devices are seeing a scourge of cybercriminal attacks. In fact, 92% of information security officers believe that mobile payments will cause a serious increase in cybercrime over the next few years. Here are some m-commerce crime trends to watch out for now and in the coming years as criminals look to take advantage of the security flaws and popularity of mobile browsing and shopping.
A rootkit is a particularly stealthy type of software that installs itself on a user's device and hides itself from the normal modes of detection, letting it operate in secret to get privileged access to a computer and its user's information. In the past, these malicious programs were limited to laptops and desktop computers, but they're becoming a threat from mobile phones as well, as revealed by research at Rutgers in 2010. A rootkit, when installed on a phone, could affect every part of the phone from the touch screen to the passwords. These programs can not only steal information, they could potentially even reroute calls from legitimate businesses to criminal operations. That's not a threat to take lightly, and many are advising mobile users to be careful what they view, and with certain operating systems, use anti-virus and anti-malware software.
QR codes can be a cool way for consumers to find out more about products and find a wealth of information with very little effort, but they're not always safe. Mobile phone users never quite know where the codes will take them once scanned, and in a growing number of cases, QR codes are leading to sites that download a virus or malware onto the user's mobile device. Mobile security experts are already seeing a rash of QR code problems, and expect them to grow significantly in number over the next year.
If thieves can bypass a mobile phone's security they can steal digital certificates. What are digital certificates? They're what verify that a user sending information is who she or he claims to be. As you might guess, someone else having access to the ability to pretend to be you could be a pretty serious security risk. While that risk already exists when you use a PC, it's increasingly becoming a concern for mobile users as well, and was identified by AVG Technologies as being one of the most pressing issues in mobile security.
Like its cousin phishing, smishing tries to trick individuals into revealing personal, private information. Smishers send their victims an SMS (text) message, baiting them into divulging personal details like bank account, credit card, or social security numbers. Smishers often pose as businesses, drawing in those who believe they're simply helping keep their accounts in good standing, avoiding bogus charges the smishers say they'll owe if they don't comply, or sometimes even trying to win a (fake) prize. Sometimes, smishers aim to collect personal information directly and other times they are trying to install malware that can allow a phone to be controlled remotely. Recent reports place smishing as one of the most common reasons for criminal data loss.
Sadly, there's such a big business built up around this kind of mobile crime that there are even common job titles associated with it (confirmer is one big one). Social engineers scam mobile users by either tricking them into giving them private information or by tricking companies that the individual uses. Sometimes, criminals will hack into bank accounts and change customer contact information. When frauds occur, the bank will contact not the customer but the criminal, who will verify the charges (these are those pesky confirmers). Social engineering occurs in such a wide variety of ways that it's hard to fight. Consumers will just need to be on their toes and watch out for any unusual activity to avoid becoming victims.
Think you're safe from cybercriminals when you're sitting at home using your Wi-Fi to browse the web? You may not be. Wi-Fi offers many criminals easy access to your information if you're not careful. While a secured home Wi-Fi network offers some protection, many mobile consumers use public networks for Wi-Fi, too, which can open them up to criminals who steal their personal information or hijack their interactions with banks and businesses. Some tests have found that most Wi-Fi networks can be hacked in five minutes or less, so mobile users should do any private business on their cells while on their mobile plan, not Wi-Fi.
According to McAfee, a leading antivirus provider, mobile security threats rose by 46% in 2010. Yet a whopping 70% of mobile phone users felt that their smartphones were safe from these kinds of attacks. That false sense of security may be leading many mobile users to become unwitting victims of cybercrimes. While viruses and malware that attack mobile phones are still rare in comparison to those designed to attack PCs, the growing number of smartphones and tablets has become a new, ever bigger target for criminals. Experts advise not only mobile customers but also businesses to prepare for a growth in this kind of attack by creating more secure apps or payment systems, and offering better support to consumers.
App stores open up a wealth of opportunities for criminals to fill your mobile device with crimeware. No one would willingly download a program onto their smartphone that would cause them to be the victim of fraud, but crimeware is disguised as being a different type of program altogether, perhaps a game or a useful utility. In fact, the app may actually run in that fashion. The problem is, however, that it comes with a tagalong malware or other tracking device that lets criminals access information, control the phone, and a range of other malicious activites. Think it can't happen to you? The BBC reports that the proliferation of these apps has increased from just 29% to 62% of all smartphone malware this year.
You, and the businesses you frequent, might think encrypting data keeps you all safe. For sophisticated cybercriminals, however, encryption may not be a roadblock to stealing your personal information, your money, or your identity. It's becoming increasingly easy for criminals to crack the most common types of encryption, and with many governments blocking the use of high-level encryption technology (so that they can break the codes if necessary for law enforcement purposes) consumers and businesses alike are stuck in a particular sticky situation. Your best bet? Be as careful as you can, watch for any indications of fraud, and use the highest-level encryption possible for all sensitive data.
Whether you're calling a business to order goods or taking a photo of your home, someone can be listening in. Unfortunately, electronic eavesdropping is possible via a number of different methods. It can occur over unsecured Wi-Fi networks or through malicious apps, but no matter how it happens, it's a very serious security threat that could result in large amounts of critical personal information being compromised. With a recent report by the Government Accountability Office finding a rise in malicious software aimed at mobile devices of about 185% in just a year, there's reason to worry for both businesses who want to keep transactions secure and customers who want to keep information out of the wrong hands.