Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.
Cell phones have become an essential tool for just about everyone. We communicate, pay bills, shop, and browse the Internet largely through our phones, so it is no surprise that scammers and identity thieves are focusing more of their attention on these devices.
I was recently reminded of this fact when someone told me about their phone number being used by a hacker to access their CVS coupons. Like many companies, CVS has an app you can use to make your shopping experience easier. Therein lies the problem: Sophisticated scammers can break into your phone remotely and then use your apps to steal data or even empty your bank account.
Some indications that your phone has been hacked include apps that appear on your phone that you didn’t download, sluggish phone speed (malware can reduce its power), spikes in your data usage that you can’t explain, or a large number of pop-ups appearing on your screen.
A cardinal rule for cybersecurity on all of your devices is to never click on a link or download an attachment unless you have absolutely confirmed it is legitimate. Also, it is a good practice to download apps only from the major app stores; while they cannot guarantee that there are no bogus apps, they do a pretty good job of screening the apps that they offer.
A good place to start is checking your phone’s apps. Sometimes a spyware app may have been covertly downloaded to your phone, so go through your apps and delete any that you do not recognize or regularly use. Look at the activity on all of your apps to see if there is unexplained activity. If you believe you have been hacked, change your password immediately and run anti-malware software to look for possible infections.
Although both the Android and iPhone operating systems have some security protection built in, both types of phones are still susceptible to viruses and malware infections. Android phones are more vulnerable to viruses primarily because the Android operating system allows access to third-party apps that are not found in the Google Play Store. While there are many legitimate apps that you can get outside of the Google Play Store, you can never be sure whether these apps have been properly vetted. That’s why I recommend installing security software on your cell phone; anti-virus apps are available for both Android and iPhone.
Here are other steps you should take to protect the security of your cell phone:
- Use a strong, unique password for your phone.
- Use dual factor authentication (and ideally, a method other than SMS) for all of your online accounts, so that even if your password is compromised, such as in a data breach, your security is still protected.
- Download and install security patches for all of your software and apps as soon as they are available. Scammers often exploit vulnerabilities in software for which security updates have already been issued, but that the consumer has failed to install. The major data breach at Equifax ,which compromised information of 148 million people, was caused by the failure of Equifax to install a months-old security patch for one of its software programs.
Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now
Comments
A recent example illustrates this risk: a person discovered that their phone number was compromised by a hacker, who then used it to access their CVS coupons through the company’s app. This incident highlights a significant vulnerability: when hackers gain remote access to a phone, they can manipulate apps to steal sensitive data or even drain bank accounts.
I was recently reminded of this fact when someone told me about their phone number being used by a hacker to access their CVS coupons. Like many companies, CVS has an app you can use to make your shopping experience easier. Therein lies the problem: sophisticated scammers can break into your phone remotely and then use your apps to steal data or even empty your bank account.
Dear Bob
I read with great interest your article in The Saturday Evening Post under Con WatchApril 2023. The article explored scams that occur with these scams impersonating someone working for Publishers Clearing House. Ironically, I received a phone call from an individual asking me if I had gotten a notification letter in the mail letting me know that I was a winner of 2.5 million dollars at 25k/month for ten years. He knew my full address, he did not ask me for my bank account number or social security.
He told me that he and his team would go to the bank with me to meet the manager and to ensure everything would be alright that answer any questions in regard to the legitimacy of the check since it was such a large amount of money .
He said that all he needed from me was to pay for a pre paid card from one of your sponsors i.e., CVS, Walgreens fetch in the amount of $298.00 This would be to pay for the ps1 federal federal I’d and other forms and IRS forms to go ahead and have these filed.
He told me that this w as the PCH promotional event
Would you be so kind as to sharing your thoughts on this with me?
Thank You so very much
Warren W Vaughan Sr
This post sums up exactly why I prefer using my desktop computer than my iPhone for financial transactions. One such exception is when I need to check my bank balance. When I need to move money from my savings account to my checking account and I am actually talking to a bank teller. Perhaps the Spectrum automated attendant if you need to make a payment, but other than that, no.
This article perfectly illustrates why I do almost all transactions on my desk top, and not the iPhone. Certain exceptions include checking my bank balance. If I need to transfer money from my savings to checking, and that I’m speaking with a bank PERSON there. Maybe the automated attendant at Spectrum to make a payment, but that’s about it.
I HATE dealing with “apps” and “QR codes” on the phone. Other than ‘Waze’ for directions, no use. I tried a Sri Lankan restaurant in Tarzana last week, and they don’t have menus. No, they were counting on me to scan that damn blotch, make up a password, a user name, get a one-time numeric code texted to me. etc. ‘F’ that; especially with 11% power left after an exhausting day. This? Here? Now? Seriously?!
The waiter brought over the menu on a larger iPad, but I had to make the decision with his standing there, giving suggestions. I made a small order and he apologized, explaining everything is “contactless” there since Covid, and thought that includes me as a customer ever again.
Live and learn. From now on study the menu on my 22″ desktop screen first to determine what I want with a new restaurant, just in case. I don’t know about you, but I like to “scan” a normal plastic or paper menu. No thank you if they’re code or app only. It’s degrading, and I won’t do it. One time is all I usually need to learn my lesson.