Keeping safe on the mobile map
Walking through a dodgy neighbourhood twenty years ago could see you losing your wallet and maybe a few teeth – those were the days!
Now there is much more at stake and the risks are not just on the bad side of town; in fact, our research shows that in the mobile age we are just as vulnerable on the high-street as we are down the side-alley.
As mobile technology becomes ever more integral in our day-to-day life, so our exposure to fraudulent activity increases. With our payment, banking and social media details stored on our devices in our pockets, we become the basket all our eggs are put in.
But, as has always been the case, protecting yourself against fraud is about being careful, alert, and knowing what to look for.
We all know the shortcuts and back-streets we avoid after it gets dark. This blog post aims to make you aware of the danger-zones on the mobile map.
Wi-Fi connections available…
One of the more technologically sophisticated methods of the modern fraudster is the Wi-Fi hack. It works like this:
1) The fraudster sets up in a public place with a pre-existing Wi-Fi connection, like a coffee shop or airport. They use their laptop to broadcast a Wi-Fi network with the exact same name as the venue’s official Wi-Fi.
2) The customer logs onto the fraudster’s Wi-Fi hotspot, which contains malware giving the fraudster remote access to their device.
3) The fraudster accesses the customer’s accounts using readily available cryptography and “password recovery” tools.
4) The customer leaves the coffee shop none the wiser, whilst the fraudster has hacked into online payment accounts as well as social media accounts, which can be used for further exploitation.
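From the customer's side, the look-alike network in step 1 can sometimes be spotted before connecting. The check below is an added example, not part of the original post: it compares a Wi-Fi scan against details confirmed with venue staff. The scan records, network names and the VENUE_BASELINE structure are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scan: (network name, access point address, security).
SAMPLE_SCAN = [
    ("CoffeeShop_WiFi", "aa:bb:cc:11:22:33", "WPA2"),
    ("CoffeeShop_WiFi", "aa:bb:cc:11:22:34", "WPA2"),  # second venue access point
    ("CoffeeShop_WiFi", "de:ad:be:ef:00:01", "OPEN"),  # same name, different radio
    ("Airport_Free", "10:20:30:40:50:60", "OPEN"),
]

# Hypothetical baseline: what venue staff confirmed about their own network.
VENUE_BASELINE = {
    "CoffeeShop_WiFi": {
        "security": "WPA2",
        "bssids": {"aa:bb:cc:11:22:33", "aa:bb:cc:11:22:34"},
    },
}


def find_suspect_aps(scan, baseline):
    """Return access points whose name matches a network but whose details do not.

    This is a heuristic: access point addresses can be copied, so a clean
    result does not prove a network is genuine.
    """
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid.lower(), security.upper()))

    findings = []
    for ssid, aps in by_ssid.items():
        known = baseline.get(ssid)
        modes = {sec for _, sec in aps}
        for bssid, sec in aps:
            reasons = []
            if known:
                if bssid not in known["bssids"]:
                    reasons.append("unknown access point for a verified network name")
                if sec != known["security"]:
                    reasons.append(f"security {sec} differs from expected {known['security']}")
            elif len(modes) > 1 and sec == "OPEN":
                # No baseline: an open copy of an otherwise protected name stands out.
                reasons.append("open access point shares its name with a protected one")
            if reasons:
                findings.append({"ssid": ssid, "bssid": bssid, "reasons": reasons})
    return findings
```
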
You have a new friend request…
By being selective and playing the numbers game, fraudsters can piece together a comprehensive profile of their victims, accessing data that makes stealing identities easy work. Below is an example of how they achieve this:
1) The fraudster befriends “Joe” on a social network. The fraudster checks out “Joe’s” connections and friends, selecting targets based on how much and what kind of information they post about themselves.
2) Some fraudsters can get what they need from this alone:
“I find out their mother’s maiden name by tracking to their mother’s brother. I can’t believe the lazy banks are still relying on this piece of data as a security check.” -Convicted Fraudster
3) Other fraudsters go deeper, creating a new account for “Joe,” reaching out to targeted connections impersonating “Joe,” claiming he has lost access to his old account and been forced to create a new one.
4) The fraudulent “Joe” can now see all of the target connection’s posts, history, likes, job titles, employers, venues, education, hobbies, where they live and where they’ve lived in the past:
“Social networks are great, whatever you want to find out about somebody to complete your id theft…it’s all there.” -Convicted Fraudster
We appreciate your loyalty…
The fraudster and his phone book is a tried and tested method. But whereas previously the fraudster might impersonate a major supermarket chain, now, in conjunction with a social-media hack, the fraudster can individually tailor each call to play against the victim’s personal comfort zones and blind spots:
1) Fraudulent “Joe” nurtures the connections made using the fake account, filtering them according to whether a phone number has been tracked or not.
2) “Joe” monitors his filtered connections. “Joe” is looking for repeated instances of interactions with a company, brand or product.
3) “Joe” notices that one of his connections, Susan, has “liked” Bob’s Burger Bar and has tagged herself as visiting this restaurant on multiple occasions – this suggests confidence in the brand, and at this level fraud remains essentially a confidence trick.
4) Susan tags herself as visiting Bob’s Burger Bar. “Joe” waits a couple of days and then makes a call to Susan:
“Hi, is that Susan? This is Mike down at Bob’s Burger Bar. You came in a couple of nights ago, right? No, nothing’s wrong, we’ve just noticed that it looks as though you’ve been charged twice for your bill. I’m so sorry, our poxy machine’s been playing up. We’re going to process a refund for the whole amount of both charges as our way of saying sorry. Can I just take your card details and we’ll get that done for you?”
5) Because the fraudster has solid information about the purchases, because Susan trusts the company, and because the request is in Susan’s favour – a refund – this method is very effective for fraudsters:
“This is my favourite technique. It’s quick and easy…and it has a high success rate. I walk away with all the card details I need.” -Convicted Fraudster
Knowing what to look and listen for is a decisive step in protecting yourself from the fraudster’s methods, so remember:
1) Cautious Connections
Always attempt to verify Wi-Fi connections with the venue’s staff. If you connect to public Wi-Fi frequently on a mobile device, think about what kind of information you feel comfortable storing on that device.
2) Private Posting
Be smart about what you post online and be even smarter about who you choose to let see that information. All major social media sites have customisable privacy settings; use them.
3) External Verification
If someone contacts you, claiming to represent a company, brand or product, take their information before giving any of your own. Conduct an independent check of their claim before deciding if it’s legitimate.
About Judopay · Judopay simplifies in-app payments, enables frictionless checkouts and intelligently prevents fraud for leading companies globally. Our payments and mobile experts help guide businesses and their development partners to create best-in-class apps to make paying faster, easier and more secure. Founded by serial financial technology entrepreneurs in 2012, Judopay is backed by leading venture investors and supported by banking and card scheme partners to offer in-app payments that are simple, frictionless and protected.