Do you know what “bluesnarfing” is? Most likely, you don’t.
Just when we think we’ve learned all the ways digital thieves can attack us, and how to stop them—create strong passwords, beware of phishing scams, enable two-factor authentication—they find new ways to steal your personal information.
What is a phone scam?
Phone scams exploit vulnerabilities in a phone to steal information. Bluesnarfing, for instance, does this through your phone's bluetooth connection.
It’s part of the reason that identity theft remains a huge problem in the United States. There were nearly 1.4 million reported cases of identity theft in 2020, with nearly one-third of those having been victims of identity theft before. Identity theft increased 53% from 2019 to 2020.
The latest trend is that an increasing number of those crimes are happening via our mobile phones, says Robert Siciliano, a Boston-based security analyst and partner at Protect Now. The results can be devastating. When criminals can spy on or even control your device, it can be easy for them to access your financial accounts and steal your money. Here’s what to watch out for—and how to help protect yourself.
Bluetooth Phone Scams
Security around Bluetooth technology has dramatically improved over the past decade, but it remains a major risk, says Siciliano. It’s easier for hackers to exploit vulnerabilities in your Bluetooth if it’s on all the time. This is increasingly common, especially with the popularity of Bluetooth headphones.
What is bluejacking?
Constant Bluetooth connectivity opens the door for hackers to send a SPAM text (“bluejacking”), which can lead to them accessing your email and other personal information on your phone (“bluesnarfing”), and even taking total control of your phone (“bluebugging”).
● Reduce your risk: Switch your Bluetooth connection to off when you’re in public and not using it.
Juice Jacking
If your phone battery is running low at an airport or another public place, those USB charging ports can look tempting. But be wary: The ports can be infected with malware that exposes your information to crooks. The same holds true for charging cables—so only use ones that come from trusted sources.
● Reduce your risk: Antivirus software should help protect your phone. But Siciliano recommends you play it safe by skipping the USB port and charging your phone with an adapter that plugs into a traditional socket.
SIM Swapping
“This crime is a living, breathing nightmare,” says Siciliano. It’s also a growing problem—there was a 78% increase in SIM swaps from 2017 to 2018. Here’s how it works: Armed with just your phone number and some basic personal info, a crook assumes your identity, says their phone was lost and asks the cellphone carrier to associate a new SIM card with your phone number. This makes your number active on their phone, allowing them to reset passwords and shut you out of your email and social media accounts. Even scarier, this crime makes two-factor authentication useless: Because the crooks have your number, they’re the ones getting any text messages with authentication codes, which can give them full access to your bank accounts.
● Reduce your risk: At a minimum, contact your cellphone carrier and add additional security, like a PIN code. For even more protection, buy a USB security key, which offers two-factor authentication that is independent of your phone.
Phishing Scams on the Phone
Phishing scams have been around for a long time, but it’s still the most common way that personal information is stolen, says Siciliano. In a phishing scheme, you receive emails or texts that seem to be from legitimate companies, but actually contain links that download malware or take you to counterfeit sites that ask for your password. Phishing scams can be harder to detect on mobile phones than on laptops, since the smaller screen may not display the entire URL, which is often one clue that it’s fake.
● Reduce your risk: Be skeptical of every email and text you receive. If you didn’t ask to receive the message, don’t reply or click on any links in it. If you think the email or text may be legitimate, contact the company directly to be sure.
Public Wi-Fi
The rules for your phone are the same as for your laptop, says Siciliano; when connected to Wi-Fi in a coffee shop or other public venue, your personal information may be at risk.
● Reduce your risk: Download a VPN and use it any time you’re on a public network, so that any data you send and receive will be encrypted.
Apps
The iTunes and Google Play stores have strict requirements and thorough vetting processes, Siciliano says. While some may slip through with malware or other vulnerabilities, the stores are vigilant and tend to remove bad apps over time.
● Reduce your risk: Avoid apps from any other source than the two big stores. And use antivirus software, especially with the Android operating system, which is more vulnerable than Apple’s iOS.
Rich Beattie is a former executive digital editor of Travel + Leisure, and has written for outlets such as The New York Times, Popular Science, New York Magazine and Ski.
Learn more about protecting your information from Identity Thieves.