Mobile fraud is reaching unprecedented levels, and users are vulnerable in numerous ways, including the following:
- Apps can redirect you to fake sites that download malware onto your phone or procure your private data by imitating legitimate and recognizable sites.
- Email scams lead to mobile vulnerabilities because many people access email on their smartphones.
- SMS phishing (or smishing) is the practice of sending fraudulent messages by SMS in an attempt to acquire personal or bank information.
- Text messaging is susceptible to “spear phishing,” where the fraudster finds out personal information about you via social media or other online sources and sends you a personalized fraudulent message targeting a particular interest of yours to lure you to an unsecured site.
Mobile fraud prevention is crucial for any business when you consider how integrated mobile has become in people’s work lives. Mobile devices are no longer personal devices because they’re often used to access secure company data.
Here are some tips to train your staff to avoid mobile fraud:
- Train Employees to Recognize Suspicious Messages
Don’t assume that all your employees are savvy enough to spot a scam. In fact, assuming the opposite is a safer approach. Teach employees how to spot red flags in email or text messages such as:
- Messages that lead to sites that prompt you to enable user location
- Messages that lead to sites that ask for your bank information
- Urgent messages (sometimes from recognizable sites) asking to confirm account information or lose access to the account
- Messages from 500 numbers (a common fake number)
- Messages that use fear or shame as a tactic to get you to open the message and follow the link (e.g., “Your bank account may have been accessed,” or “Don’t let them see your low credit score.”)
- Messages from any company you didn’t authorize to text you
Employees should learn the following:
- Exercise caution when clicking on links
- Avoid opening emails with .exe files
- Go to a company’s official website or call its public number to confirm any requests
- Call the number associated with a suspicious message to determine if it’s spam or not (often there will be no answer, but if someone does answer you might recognize unprofessional behavior)
- Be cautious when entering your password and username, especially when performing a task for which they are not usually required
- Avoid enabling access to your location
- Avoid providing personal, company or bank information on sites that initiate contact
- Check with your IT department if something looks suspicious
- Improve Your Authentication Process
Of course, not all attacks will be so obvious and, unfortunately, fraudsters are becoming more sophisticated in their approaches. Routine updates to apps that require password entry may be compromised to give attackers access to your mobile device and linked accounts.
David Ting, CTO at Imprivata, suggests that companies incorporate a single sign-on solution (such as LastPass or YubiKey) to eliminate passwords in favor of more secure authentication methods.
- Enable Text Alias
Most mobile companies let you send and receive texts with an alias instead of your phone number. You can create a safe list of friends and family to give your alias to and then disable your phone from receiving texts from anyone not using your alias. This will considerably reduce your vulnerability to smishing texts.
- Conduct a Test Run
Some companies specialize in training businesses to avoid phishing scams. PhishMe or PhishLine, for example, perform tests by sending fake phishing messages to your staff. They'll send you a report on how many employees clicked on the phishing links and note where they clicked (desktop, laptop, tablet or mobile), allowing you to target your staff training to address specific problem areas. The report also gives your IT department a head start in developing security procedures for your company's weak spots.
- Retrain and Update Often
Scams evolve and become more advanced and sophisticated. Therefore, it's important to keep employees up to date on new scams and policies, and to offer new training periodically to minimize your company's risk.
Minimize mobile fraud risks by educating your employees. Strengthen your security defenses, use services that help you test whether employees are adequately trained and consistently update your training to include new information.
By being aware and mindful, you can train your team members to spot questionable messages on their smartphones and protect company data.