Avoiding Phishing on a Mobile Device
This article provides guidance on how to avoid phishing scams on a mobile device.
Types of attacks
Mobile devices are particularly susceptible to scams because they can receive them via email, phone call, and text message. Below are explanations of each type of scam:
Phishing: social engineering attack that specifically targets a user through an email. (Example: job offer email asking for personal information, email from a company that you need to validate your account or lose it, email from a professor or classmate that seems unwarranted, etc.)
Vishing: social engineering attack that specifically targets a user through a voice phone call. (Example: a phone call claiming to be the IRS that your identity has been stolen, etc.)
Smishing: social engineering attack that specifically targets a user through text message. (Example: a text message that you have a package waiting to be claimed, a text message that you won something, etc.)
Below are some tips to help recognize phishing attacks on a mobile device:
- Make sure to check out the sender – On mobile devices, tap on an email sender's Avatar/Person icon to bring up more information on the sender's email address. This can help identify a malicious email by recognizing if the sender spoofs/imitates the message.
- Do not follow links sent in email or text messages – Be suspicious of URLs sent in unsolicited email or text messages. While the links may appear to be legitimate, they may direct you to a malicious web site. Additionally, do not attempt to preview any messages on a mobile device, as this could install malware.
- Be wary of downloadable software – There are many sites that offer/advertise games and other software you can download onto your smart phone or PDA/tablet. This software could include malicious code. Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate (for more info on certificates: https://us-cert.cisa.gov/cas/tips/ST05-010.html). If you do download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.
- Evaluate your security settings – Make sure that you take advantage of the security features offered on your device. Attackers may take advantage of Bluetooth connections to access or download information on your device. Disable Bluetooth when you are not using it to avoid unauthorized access.
- Be careful about posting your cell phone number and email address – Attackers often use software that browses web sites for personal information such as email address and phone numbers. These email addresses and phone numbers then become targets for attacks and spam. (See Reducing Spam for more information.) By limiting the number of people who have access to your information, you limit your risk of becoming a target.
- Enroll in and utilize multi-factor – Multi-factor Authentication (MFA) protects your account from bad actors by requiring something you know plus something you have, to gain access to a secure site or application. UWM requires all students and employees enroll their accounts in MFA. For more information on MFA at UWM please visit our website.
- Utilize the Outlook App for your mobile device – Using the Outlook app on your mobile device secures access to your UWM email by requiring MFA. Also, by using the Outlook app on your phone you can check out the sender by tapping the Avatar/Person Icon to bring up more information on a sender’s email address.
- Protecting Portable Devices: Data Security
- Understanding Website Certificates
- Cybersecurity for Electronic Devices
- Defending Cell Phones and PDAs Against Attack
- Cyber Threats to Mobile Phones
- How To Prevent Mobile Phishing Attacks
- Protect yourself from phishing
- 5 most common mobile phishing tactics
- How To Recognize and Avoid Phishing Scams
- Phishing attacks: defending your organisation
- Reducing Spam