The worst cyber-security mistakes you can make on your phone

Rob Waugh
Yahoo! News
Many people are unaware that cyber criminals target mobile devices - or think that putting a four-digit PIN code is sufficient protection.

Many people are unaware that cyber criminals target mobile devices - or think that putting a four-digit PIN code on their phone is sufficient protection.

But cybercrime on mobiles is already real. In the UK, 22% of users report that they have received text messages requesting that they click a link or dial a number to access a ‘voicemail’ message - a common attack used by cybercriminals

App stores such as Google's Play are also filled with 'fake' apps - often made to look like real hits such as Angry Birds - which can infest phones with adverts or even run up huge bills calling numbers abroad.

Mobile adware - or 'madware' - attacks have risen 210% in the past year, according to figures from Norton.

'Your smartphone is as sophisticated if not more than your PC,' says Norton's director of security response, Kevin Haley. 'It has all the same information, it’s got your work information and your personal information. It even has financial transactions on it. Why wouldn't the bad guys target it?'

Safe use of smartphones will come into focus once more on Tuesday, February 5, which is the tenth Safer Internet Day.

                          [Related: Stay safe online on Safer Internet Day]

Below are some common errors which can leave smartphones vulnerable to cyber-criminals. 

1. Not using a password

Many smartphone users keep personal details such as social network passwords and banking details on phones - and 44% of users don't use a password to protect their phones, according to KnowTheNet.

Of those who do, one in nine use '1234' - handing cyber criminals access to email accounts that can yield addresses, bank details and even passwords.

Recent research by Symantec shows that 50 per cent of lost phones will not be returned and 96 per cent (including those returned) will have data stolen.

Marian Merritt, Norton's internet safety advocate, says: "Make sure your mobile phone is pin-protected so all your personal information stored on it is safe. Download a security app which allows you to remotely wipe any personal data."

2. Using 'free' public wi-fi

‘When you go on a public wi-fi network - say BT - you have no way to determine whether it’s a real network run by BT, or a fake run by a spotty guy next to you,’ ,’ says Tom Beale of Vigilante Bespoke, a company which tests networks for security ‘holes’.

‘The problem’s particularly bad on mobile, where you really can’t tell if you’re on a fake network set up to steal your data. If you’re going to use public networks for business, use a laptop, because the browser will warn you of security breaches - your phone won’t.’

                          [Related: Stay safe online on Safer Internet Day]

3. Downloading fake apps

Fake apps are rife on marketplaces such as Google's Play Store. 'Clones' of popular apps such as Angry Birds Space instead infect your phone with malicious software.

The only defence is to be wary about downloading apps - particularly free ones - from the store. Look for apps that have large numbers of positive reviews and developer names that you recognise.

Some simply serve you annoying adverts. Others, though are far more sinister - adding huge amounts to your bill by dialing foreign numbers or using premium SMS services.

4. Using your web browser for banking

Banking apps exist for a reason - mobile browsers can pose security risks, including plug-ins that may store data.

Banking over public wi-fi via a browser is particularly risky.

According to Norton's research, 65 per cent of European users limit the sites they visit on their mobile device - preferring to bank via apps or via a home PC.

                          [Related: Stay safe online on Safer Internet Day]

5. Leaving personal details stored on phones

Some security errors leave you vulnerable not just to cybercriminals but to ordinary thieves. If a phone is stolen, criminals will often look through for bank details and other information that can be valuable.

KnowTheNet's research found that 38 per cent of British adults keep key personal data such as online banking details (4 per cent) and social media passwords (18 per cent) on their device.

Leaving yourself logged in to apps such as banking or shopping means that if your phone is lost or stolen, the damage can be far worse.

Users should ensure they log out of any such apps after use - and if details are stored on a device, they should be stored in a free, password-protected app such as SecureSafe.