Society & Culture

Mobile devices make easier targets for identity theft

Athens, Ga. – Having a mobile device may make some tasks easier, but that on-the-go convenience comes with a higher risk for potential identity theft, according to one security proponent at the University of Georgia in connection to National Cyber Security Awareness Month.

“Mobile phone users tend to be less careful and less aware of security problems they can encounter. This is especially true where phishing attacks are concerned, because mobile users are usually the first to come under attack,” said Laura Heilman, a security awareness and education manager in UGA’s Enterprise Information Technology Services office.

In recent years, smart phones and tablets have meant people are perpetually connected to the Internet and quickly respond to emails and text messages.

“As a result, we often respond too quickly and are more susceptible to phishing attacks,” Heilman said.

Smaller screens on mobile devices mean it’s harder to tell if a web page is legitimate, she explained. The full link to a page is not always displayed on a phone’s Web browser, thus making mobile users more susceptible to being tricked by spoofed sites. A spoofed link may start with a similar host name but have a different domain name.

As an example, Heilman uses a fictitious website, www.aboutmobilephishing.com. The “aboutmobilephising” part of the link is the host name and the “.com” is the domain name. On a mobile device, someone may only see “http://www.aboutmobilephising” and not notice that the link ends with “.net.” That person may be directed to an imposter website that looks identical to the real website.

“Because you cannot view the entire link on your phone, you may fall into the trap of providing personal information on what appears to be, but isn’t, the legitimate website,” Heilman said.

She also cautions people from providing their user name and password to any unsolicited email or text message claiming to come from a financial institution. Those who do so may get a message saying the site is “experiencing a high volume of traffic, please try again later” or their login credentials were not recognized.

“You have just helped an online criminal steal your private information and probably more,” Heilman said. “We enter our user name and passwords so often on our mobile devices that we may not stop to think what information we’re potentially providing to criminals.”

And, many websites are designed to be mobile friendly, which makes them easier to view on smaller screens, she added. Login screens on a phone or tablet may be more simple-thus making it easier for criminals to mimic.

Heilman offers the following advice to protect against phishing scams on a mobile device:
• Avoid sending private information with your device. If you must send private information, use encryption when transmitting personal information. There are several apps available for Android and a few for iPhone. Don’t forget to check out the reviews of any app you chose before downloading it.
• Use caution when you get email from an unknown sender. Treat texts the same way. Avoid responding to texts from numbers or people you don’t recognize. Avoid following links in text messages.
• Avoid free Wi-Fi hotspots and stick with trusted, secure networks. On the UGA campus, use the PAWS-Secure wireless network. Even if a wireless network requires a password, you may not have a secure connection.

The Office of Information Security at UGA has more information on identity theft and phishing scams available at infosec.uga.edu. The Office of Information Security is a part of the university’s Enterprise Information Technology Services. EITS is marking National Cyber Security Awareness Month with activities and events in October. For more information, see eits.uga.edu.