How to protect yourself from cell phone phishing attacks

used phone scam header

The cell phone in your pocket is a wonderful thing, and it has led to a massive overhaul of the way our lives function. In conjunction with the internet, the humble smartphone means you have access to an enormous amount of data whenever you need it.

Unfortunately, that access is reciprocal, and stopping your personal data from getting out there is tough. While it may seem trivial, little bits of information are all some criminals need to try and scam you out of more valuable data, like your bank details or passwords. One of the ways this is done is known as “phishing,” and it’s becoming more commonplace every year.

Despite strong security on both iOS and Android, it’s hard for your smartphone to protect you against phishing attempts. Don’t let your faithful smartphone lead to your financial downfall or worse — here’s how you can protect yourself from cell phone phishing attacks.

What is ‘phishing’ and how does it work?

Before we start, let’s answer this question: What is phishing? Phishing — pronounced fishing — is simply a scam where a criminal uses emails, phone calls, and other contact methods to pretend to be someone they’re not, in order to get access to important and often confidential information. Think of it as being a long-distance con man and you’re not far wrong.

The aim of a phishing scam is usually to get access to a person’s financial information — but the range of options open to scammers is as diverse as the internet. So, while it’s common for phishers to impersonate banks, they will also target Apple accounts, for example, or any other service where payment information can be found. Phishing scammers may try to pass themselves off in (but are not restricted to) one of these guises:

  • Your bank informing you of a problem with your account.
  • A service provider like Apple warning that your account will be closed if you don’t respond.
  • A delivery company informing of an impending delivery.
  • A retailer offering free gift cards, coupons, or huge discounts.
  • A tax rebate from the IRS, or your local tax authority.
  • The purchase of an expensive item, with a link to stop the transaction.

Phishers often prey on the natural fears of targets in order to get them to act quickly, and without caution. These messages will urge you to hurriedly sign into your account or confirm details without checking the source — and just like that, the scammer now has what they need to steal your money.

The only real defense against phishing is constant vigilance. With that in mind, here are some of the more common phishing attacks that may target you, and what steps you can take against them.

SMS-based phishing

how to send a text from your email account
kantver/123RF

Texting is one of the most common methods of communication — and that makes SMS messaging a tempting target for many phishers. SMS phishing — known as “smishing” — follows many of the typical phishing rules. Each text contains an internet URL, which will often take you to a convincing replica of your banking website or some other website that requires you to log in. When you sign into your account, you’re actually giving the attackers the information they need. Sometimes you’ll be prompted to download something, which allows attackers to get malware onto your system. From there, the scammer has the information or control they require, and you’ve been effectively “phished.”

It’s easy enough to avoid being taken in by these scams. Be skeptical. Phishers will use greed or fear against you, and will try to use them to goad you into action without prior forethought. Take a moment to look at the message you’ve received, and try to spot any of these giveaways:

  • Errors in spelling, punctuation, or grammar.
  • A lack of personal salutation — “sir,” “madam,” or “valued customer” instead of your name.
  • The offer is too good to be true.
  • It’s trying to get you to act quickly, without taking time to consider.
  • This company or person has never contacted you in this way before.
  • The originating number seems suspicious.
  • A lack of personal information — legitimate companies never ask for information via text message.

Of course, these methods aren’t foolproof, and if you have any suspicions, do not act as the message requests — and never tap anything in the message. Instead, if it’s a message about an account you hold, contact that company directly without using the link or phone number in the text. If the text claims to be from your bank, use the number from the back of your card, or access their website independently from your web browser. For services and tax authorities, contact them via their authorized phone numbers, email addresses, or websites.

For offers that simply look too good to be true, just ignore them. After all, there’s no such thing as a free lunch. If you’re sure a text is phishing, make sure to block the number from contacting you again. Also, you can report the number to the Federal Communications Commission or the Internet Crime Complaint Center (IC3).

Call phishing

what are scam likely phone calls image

Another of the most common phishing methods is a direct phone call. Voice phishing — also known as “vishing” — involves a human element, and will normally come at you with a similar plan of attack as SMS smishing attempts. That means people pretending to be your bank, the tax authorities, or someone else trying to gain valuable information.

As ever with phishing attempts, there are some fairly big giveaways that you can use to figure out if a call is legitimate or not.

  • You’re being asked to share your PIN number or other personal information — your bank will never do this.
  • It’s too good to be true.
  • The caller is trying to get you to act without thinking.
  • The originating number seems suspicious.

This list is not exhaustive, and if you have any doubt at all, it’s worth excusing yourself politely and hanging up.

Explaining that you’ll ring back (to an official number) before divulging any personal information is a great way to avoid potential scams. Do not follow any instructions offered unless you’re absolutely sure it’s a legitimate call — and even then, companies should be able to offer the same service if you call back.

As with any text phishing attempts you uncover, make sure to block the number from contacting you, and report the number to the FCC or the IC3.

Other phishing methods to be aware of

Social media phishing

We live in an interconnected age, and social media is a huge part of that. However, not everyone is who they claim to be on social media. Formerly trustworthy accounts can be hacked, and through no fault of your own, lead to you surrendering money or information to a hacker’s phishing scam.

Always be wary of messages from friends requesting money, or odd-looking messages — especially if those messages use a link-shortening service like bit.ly to hide the link’s destination. Also exercise caution with social media quizzes and other fun games — these can be used to gather information from yourself and even your friends. The recent Cambridge Analytica scandal is a stark warning of what information can be gleaned from social media.

Fraudulent websites

If you’ve got your eye out for suspicious messages, then you’re less likely to directly interact with a fraudulent website. However, always be vigilant for websites masquerading as the real thing, especially websites like banks and online shops.

Always make sure to check the URL you’re clicking through to. For example, http://www.bank.example.com is not the same as http://www.bank.com — the first link would go to a specific page made to look like a bank site.

Those ones are easy to notice, but less easy to notice are those that use small differences to stand out, including underscores and dashes. As another example, www.my-bank.com and www.my_bank.com are two very different websites — but easy to confuse at first glance. When in doubt, always double check and try to use a known URL.

Preventative measures

Google play
Ymgerman/123RF

It’s hard for security measures to guard against phishing, simply because it’s often just a phone call you receive, or a dodgy website you visit. However, there are ways to try and make sure you don’t get caught hook, line, and sinker.

Only install apps from authorized sources

To avoid an unauthorized app getting a hold of your data, it’s best to only download apps from your smartphone’s authorized vendors. For Android phone owners, that’s the Google Play Store, while for iPhone and iPad owners, it’s Apple’s App Store.

While some third-party app stores are legitimate, it can still be a gamble, and a malicious app can slip through the net. Google’s and Apple’s security is tried and tested, and exceptionally good. If you’re on Android, we also recommend an antivirus app, just to be safe.

Turn on caller ID or other services

Many carriers now offer a free service that highlights possible scam calls, like T-Mobile’s and MetroPCS’s “scam likely” service, and many phones now come with call-identifying capabilities built in. These abilities give a quick snapshot of whether the service thinks the call is legitimate, and allow you to report scam calls to a central database. If your phone doesn’t have one built in, consider downloading Should I Answer for Android or Truecaller for iOS.

Be vigilant, and always think twice

There’s no advice or app that replaces simple common sense, so always take a moment to reflect on what’s on offer. If it sounds too good to be true, it probably is. If someone is trying to force you to make a snap decision, or if they’re asking for confidential information, then they might be trying to rip you off. Be cautious and always think twice, and you hopefully won’t get scammed.

Social Media

Walkie-talkie voice messaging finally comes to Instagram

In its latest grab from messaging apps, Instagram now lets you send walkie-talkie style voice messages. Apps such as Facebook Messenger, WhatsApp, Snapchat, and iMessage have offered the feature for some time.
Mobile

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Digital Trends Live

Digital Trends Live: Amazon Go expansions, the robocall onslaught, more

On this episode of Digital Trends' live morning show, Digital Trends Live, hosts Greg Nibler and Jeremy Kaplan explored the news of the day, including Amazon Go's potential expansion, the robocall onslaught, and more.
Computing

With 20,000 sites swallowed up, a botnet is eating WordPress alive

A botnet of infected WordPress sites has been attacking other WordPress sites, generating up to five million malicious logins on certain WordPress backends within the last thirty days.
Mobile

Looking for flexible and inexpensive phone service? Check out our favorite MVNOs

Looking to switch from a major carrier to something a little more affordable? Luckily, there are a ton of great MVNO options to choose from. Check out our guide to the best MVNOs, from Boost Mobile to Google Fi.
Cars

Best Products of 2018

Our reception desk has so many brown boxes stacked up, it looks like a loading dock. We’re on a first-name basis with the UPS guy. We get new dishwashers more frequently than most people get new shoes. What we’re trying to say is: We…
Outdoors

Puma revives its classic 1986 smart shoe, complete with high-tech heel hump

More marketing stunt than serious effort to dominate the smart shoe space, Puma is about to re-release its classic RS-Computer Shoe. The high-tech footwear from 1986 was a breakthrough at the time, despite its unsightly heel hump.
Smart Home

Uber Eats is testing a system for cheaper meal delivery

You know how Uber Pool offers cheaper trips if riders share a car? Well, Uber Eats is currently testing the same idea for meal delivery, and it could mean cheaper orders for customers.
Mobile

New Apple Watch begins saving lives one week after getting EKG feature

The Apple Watch Series 4 was updated almost a week ago with a new feature that allows users to take electrocardiogram tests -- and already it seems like the new feature is saving lives.
Mobile

The best smartphone stocking stuffers for a very techy Christmas

If you've got a tech-loving smartphone enthusiast to buy for, we can help you out. Here's a selection of top phone accessories that would make amazing stocking stuffers so you can have a very Merry Christmas.
Mobile

OnePlus's 5G phone should arrive in May 2019, may cost up to $850

OnePlus will be among the first companies to put the new Snapdragon 855 processor into a phone, and will also release a separate and more expensive 5G phone in 2019 with the help of U.K. network EE.
Mobile

Santa Claus is coming to town. Get ready with these Christmas apps

Like it or not, Christmas comes but once a year. Thankfully, we've got a list of the best Christmas apps to help get you into the holiday spirit, just in case you want to call Santa or become a Christmas elf.
Mobile

Upcoming Samsung Galaxy S10 trio may all have different camera setups

While we still may be months away from an announcement, there's no doubt about it: Samsung is working hard on its successor to the Galaxy S9. Here's everything we know about the upcoming Samsung Galaxy S10.
Gaming

Xiaomi’s Gamepad 2.0 turns the Black Shark into a mini Switch

Chinese phone manufacturer Xiaomi has introduced the Gamepad 2.0 for its Black Shark gaming phone that launched earlier this year. The new gamepad is similar to the Switch Joy-Con, with one piece attaching to each side of the phone.