How to Fraud-Proof Your Smart Phone

Like many finance professionals, I depend on my iPhone for virtually all communication needs, not only for phone calls but also for sending and receiving email, maintaining contact directories, catching up on business news and e-books, and checking stock prices. In the office and at home, I rely on personal computers to get work done and, increasingly, social networks like LinkedIn and Facebook to keep in touch with business contacts.

 
Which is why a press briefing I recently attended was personally disturbing. “In 2010, we’re expecting to see more iPhone attacks,” said Wing Fei Chia, senior security response manager at the Asia Pacific unit of F-Secure, a Finnish anti-virus and Internet security tools provider. The malicious Duh worm, which tries to turn iPhones into a botnet in order to obtain financial information, was discovered in November. F-Secure expects attacks on other smart phones, including those running on Android and Maemo.
 
F-Secure also forecasts more intrusions into social networks such as Facebook, Twitter, Myspace, and LinkedIn as hackers seek detailed personal information for fraudulent schemes and launch spamming and denial-of-service attacks.  Facebook now has 350 million accounts, a concentration of people and data that is very tempting to cyber-criminals.
 
And Conficker, which Wing considers ‘The Worm of 2009,’ is still out there in the wild. F-Secure warns that various versions of the worm have infected at least 6 million computers worldwide. No one knows who the perpetrators are and what they plan to do – Conficker has yet to cause mass disruptions. “But imagine controlling more than 6 million bots,” says Wing. “What damage can be caused?”
 
Mobile Phone Tips
Fortunately, only ‘jailbroken’ iPhones – meaning devices that have been modified to allow them to download applications from non-Apple sites such as Cydia and Rock App – are vulnerable to the current worm. But that doesn’t mean that devices that have not been tampered with will remain safe in the near future. F-Secure recommends the following steps to protect your iPhone:

 

  • Enable password protection to prevent unauthorized access.
  • Keep your phone updated. Install the latest firmware update when it becomes available.
  • Keep your connections (Bluetooth, WiFi) off when not in use.
  • Deactivate JavaScript, block pop-ups and reject or delete cookies.
  • Use an application that would securely encrypt and store your passwords.
  • Regularly back up the data on your mobile phone.
  • Always keep your phone close to you.
  • Do not jailbreak your iPhone. Jailbreaking is different from SIM unlocking, which is the process of making the device compatible with telephone networks that the phone was not specifically licensed to use. Jailbreaking allows the iPhone to download applications not available on Apple’s official distribution system through such installers as Cydia, Rock App, Icy and Installer.
  • If your iPhone is jailbroken, you can still protect yourself by changing the default SSH root password using the aforementioned unofficial installers.
 
Do’s and Don’ts on the Net
Katherine Kwan, vice-president, Product Development & Management, Consumer Group, at Hong Kong telecom company PCCW, was also at the briefing. “Cyber attackers are getting more sophisticated by leveraging on the new vulnerabilities created from the latest Internet usage behaviours,” she warns. These behaviours include being connected online most of the time, engaging in peer-to-peer downloads, the explosion of social networking usage and online use by children.
 
Kwan made the following recommendations to help ensure online well-being. Some of them are admittedly impractical. Does anyone really understand privacy statements and license agreements? Wouldn’t you be missing business opportunities if you don’t open email messages from people you don’t know?
 
But it’s good to know what the experts say, anyway. Perhaps some of these steps will work for you.  
   
  • Don’t download software from websites that you don’t know or don’t trust.
  • Don’t open email attachments with file extensions such as .EXE, .BAT, .COM, and .PIF, Microsoft Word documents (.DOC) and Visual Basic scripts (.VBS) directly from emails even if you know the sender. Never open .VBS files. It is risky to do so.
  • Don’t click ‘OK’ or ‘AGREE’ or even ‘CANCEL’ if you cannot close a pop-up window. Only close with the red ‘x’ on the top right corner of the window.
  • Don’t open email attachments (or even emails) from people you don’t know.
  • Do install anti-spyware software.
  • Do make sure your browser security setting is set to ‘Medium’ or ‘High’ for Internet usage. In this way, you will see a warning if any spyware tries to invade while you are browsing a website.
  • Do always use up-to-date anti-virus software. Being up-to-date is critically important. Note that an illegal copy of anti-virus software can’t protect you against harm as it does not update automatically.
  • Do scan all new programs or files that may contain executable code before you run or open them.
  • Do keep your computer up-to-date. Always update Microsoft Windows with the latest version.
  • Do use Internet firewalls. Microsoft provides a free firewall for Windows XP users.
  • Do regularly back up your data and prepare for recovery, as even the most expensive anti-virus tools are no guarantee you will be 100% protected from virus and worm attacks.
  • Do read privacy statements and license agreements prior to downloading anything. If you don’t understand the terms and conditions, simply give up downloading.
 
Good luck!
 
About the Author
Cesar Bacani is senior consulting editor at CFO Innovation

 
