How to Spot a Phishing Attack on Your Phone

Mobile phishing is becoming increasingly popular among cybercriminals, as people gullibly interact with the booby traps while refusing to install a security solution on their phones.

According to Bitdefender’s 2021 online behaviors report, 61% of internet users experienced at least one cyber threat over the course of the year. Phone scams and phishing accounted for 59% of all the threats.

At the same time, respondents expressed mixed feelings about installing a security solution on their mobile, with 30% refusing to install one, citing misconceptions like:

  • My smartphone has online security embedded (16%)
  • My online habits do not require a mobile security solution (14%)
  • Security products are difficult to install (9%)
  • Too many false warnings (9%)
  • Conflicts with other apps on the device (8%)
  • Smartphones are not exposed to malware (7%)…

… and the list goes on. In fact, 13% of respondents bluntly put it this way: I don’t trust antivirus providers.

However, these misconceptions drive cybercriminals to keep improving their methods and increase their chances of a payout.

Scare or lure?

Also known as SMS phishing, or smishing for short, mobile phishing uses SMS (Short Message Service) to deliver a message requesting some sort of action on the victim’s part. It may say something like:

‘You’ve got a new voice message from [phone number]. Listen here [URL]’

‘You’ve won an iPhone 13! Follow this [URL] to claim your prize’

‘Your parcel is here’…

… and so on.

Sometimes criminals take another tack, trying to scare you with fictitious statements from your card issuer, an online retailer, or your phone company. Examples include:

‘Login to confirm your identity’

‘Your account may be compromised’

‘Your payment is past due’

In short, phishing scams tap into our fears or desires by scaring or luring us into taking a certain action, like giving away personal data or installing malware.

‘You’ve got an audio message’

Sometimes, phishers’ social engineering tricks are also used to deliver malware to unsuspecting victims. FluBot, for example, is a particularly dangerous piece of malware that goes after mobile devices. And it ends up on victims’ phones in a manner identical to smishing attacks.

It targets Android users with messages and notifications that tell the victim to listen to a new voice message from an unknown number. Users who access the embedded link and follow the instructions give away their contacts, personal data, credit card information, browser data, and more. FluBot then uploads contact numbers to a command-and-control server and sends new fraudulent texts to each newly harvested contact, essentially spreading like the flu. Hence the name, FluBot.

How to protect yourself

Now that you know what to look out for, it will be much easier for you to spot a scam. When in doubt, always contact the alleged ‘sender’ yourself, on a different channel, to verify the sender’s identity.

But while exercising vigilance is a great way to fight phishing, some campaigns are sophisticated enough that they can trick even a trained eye. So it’s increasingly important to defend our security and privacy with dedicated tools and expertise.

Bitdefender Mobile Security for iOS and Android filters incoming data and blocks anything that looks or feels like a threat to your security or privacy. It also adds an encryption layer to prevent your data from being mishandled. The new Scam Alert feature goes the extra mile, dealing smishers a blow before the victim even gets a chance to interact with the malicious content.

While vigilance certainly helps, a dedicated security solution is probably the easiest way to thwart phishing on your phone. This means you don’t have to be a cybersecurity expert to defend yourself against sophisticated attacks, so you can get on with your life and not worry about getting hacked.