A new report by cybersecurity firm Zimperium claims more than 10 million mobile devices across 214 countries were affected by mobile threats last year. The firm identified more than two million new strains of smartphone malware.  “Whether they are targeting the banking apps for financial gain, stealing passwords and text messages, or using the phone to spy on unsuspecting victims, the mobile phone has increased both our personal and employer’s digital attack surface,” Richard Melick, Director of Product Strategy, Endpoint at Zimperium told Lifewire in an email interview. 

Your Phone’s Under Attack

New data from Zimperium demonstrates the growing threat posed by different mobile attacks such as phishing. From 2019 to 2021, Zimperium analyzed more than 500,000 phishing sites and found that the number of mobile-specific phishing websites grew by 50%. And throughout 2021, 75% of the phishing sites Zimperium analyzed specifically targeted mobile devices. Over the past two years, attackers have also exhibited an increasing sophistication in their methods for executing phishing attacks, Zimperium said in its report. For example, the percentage of phishing sites using HTTPS has grown steadily, from less than 40% in 2019 to nearly 60% in 2021, making it increasingly difficult for users to distinguish these sites from legitimate ones. Beyond phishing and social engineering scams, Melick said that hackers are targetting mobile users more and more with mobile malware. Globally, one in four mobile devices encountered malware in 2021, and he expects that trend to continue in the coming years.  “These malicious applications target users’ banking info, social media accounts, e-mails, and work productivity tools like Office 365,” he added. “We are also seeing a rise in spyware designed to track users, steal photos and documents, and access microphones and cameras on the device, all without the victim knowing.” Historically, exploits for mobile malware have not been as common as those targeting laptop and desktop computers, simply because this is where the majority of users conducted their financial transactions, Austin Berglas, Global Head of Professional Services at the cybersecurity firm BlueVoyant and former Assistant Special Agent in Charge of the FBI’s New York Office Cyber Branch. But as more people use mobile devices, cybercriminals have adapted their tactics.  This new focus is driven simply by a desire for financial gain and is made possible by the ever-expanding field of opportunity with more internet-connected devices,  Berglas said.   “Mobile devices are the epicenter of our lives,” he added.

Defending Your Phone

Everyone needs to be cybersecurity aware to foil attackers, Dan Kirsch, the managing director of cybersecurity firm Techstrong Research told Lifewire in an email interview.  “There isn’t a single mobile phone user that hasn’t been targeted with some sort of scam—whether it’s an expiring car warranty for a vehicle you no longer own or a more sophisticated customized attack,” Kirsch added. Kirsch advises mobile users do the following to protect themselves:

Always verify who is contacting you when a request is made to disclose information or sign into a page. Your bank won’t reach out to you to ask for your banking information. Keep in mind that it’s unlikely that a personal contact will ask you for gift cards or credit card credentials.Passwords should be complex and unique. Although users know better, many continue to use the same passwords across multiple applications and accounts. Consider using a password manager like LastPass to help you create and manage your passwords.Think before you install a new application. Apps from third-party application stores or from unknown developers can include spyware and malware. If an application promises massive discounts or free content, think to yourself if it makes sense. 

Experts say there’s a lot at stake if you don’t protect your phone.   “The biggest threat is that the users’ identities (username and password primarily) will be stolen,” David Stewart, the CEO of cybersecurity firm Approov, said by email. “And the assets in their accounts, everything from payment methods to healthcare data via rewards points, will be exposed and reused in other settings.”