Disinfect your phone …

Your mobile device is at risk of infection, putting your personal information and privacy at risk of fraud

Imagine if your mobile phone could be used to spy on you, listen to your conversations and send information and images from your device to a third party. This is not an imagined, dystopian future; it is the story of the Pegasus spyware put on mobile devices by clients of Israeli spyware firm NSO.

Although the Pegasus spyware is meant to be used by law enforcement only and is targeted at high-value individuals, this story provides some food for thought as mobile malware and spyware are not only aimed at the wealthy and the important – they can have a serious impact on anyone’s life.

Other mobile threats, such as banking malware, use a similar process to the Pegasus spyware to get onto users’ devices. Many of these types of malware are installed when people click on a link they received via SMS or WhatsApp and end up downloading a malicious app. The result can be advertising click fraud, mobile ransomware, banking trojans or, in some cases, an app that roots or jailbreaks the phone to obtain full remote control over the device. The malware then allows the criminals to listen to calls, take screenshots and see what the user types, catching passwords and banking details.

Criminals use social engineering tools and approaches to lull users into a false sense of security. Pretending to be anything from a parcel tracking link to a banking confirmation link, these malware messages are designed to provoke people to make impulsive mistakes. And these mistakes can lead to your device being completely compromised, putting you and your financial security at risk.

These smart malware infiltrations are designed to get past people’s defences. Another form of distribution takes advantage of devices that have not been updated, or exploits vulnerabilities on the phone or in apps that do not yet have patches. It is really important to keep your mobile devices updated, and to minimise risk by removing unnecessary apps, only downloading apps from official app stores and avoiding clicking on links from your mobile device.

Unfortunately, people are more likely to click on a link using their mobile device because they think it is safer than a computer. You need to be cautious and ensure that if you do not know the sender, you do not download anything or click on anything. Do not believe an SMS message that tells you to update your WhatsApp software or a link that tells you to update an app that comes through a social media platform. Always update from the App Store or Google Play, nowhere else.

Also, be aware of clickjacking, a form of mobile phishing in which an invisible link is covered by a “bothersome” graphic element made to look like a small hair or a speck of dust. This tricks the user into wiping the hair or dust off the mobile’s screen, which activates the link and launches a connection to the phishing site.

Keeping your mobile device free from infection means that you watch what you click, do not trust unexpected links from unknown sources, do not share information with anyone – especially if they call and pretend they are from your mobile phone provider or bank – and do not provide people with your OTPs unless you have initiated the transaction with a trusted agent yourself. Mobile devices are as much at risk as computers, so stay aware, stay alert and stay secure.

Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA.




Cyber crime and cyber security is a real, daily threat in our “modern world”!

I keep telling my friends and coworkers, but it seems there’s a really lax attitude towards it.

“do not share information with anyone – especially if they call and pretend they are from your mobile phone provider or bank”

When are South African Banks going to train their staff to do their jobs without phoning out of the blue and asking customers to provide confidential information over the phone? When the BANK phoned the CUSTOMER? They obviously know who the customer is – because they phoned the number logged on their system as belonging to that customer. But they can’t prove that they’re really phoning from the bank.

FNB is particularly bad at this, time after time after time.

It gets worse. Most every day there is more of it. I had a call from someone claiming to be from Absa credit card and offering an increase of credit limit. It was expected that I would give not only my personal details but also full details of all income which would then need to be verified trala trala. So I told the caller that this was an insane request and that I would be a total clot to provide such information to an unknown stranger on the phone. Two hours later I get a call from a different person with exactly the same spiel. So the same response was given with the threat of lodging a complaint with Absa about the whole security issue. The general degradation of thought processes that is accompanying the ongoing promotion of abject incompetence is nothing short of being a scourge.
