Smartphones: How to protect yourself from hacking

DAYTON, Ohio — Smartphones are powerful, pocket-sized computers that people occasionally use to make calls.

They allow users to browse the internet, send and receive emails, take photographs and store personal information.

People can download apps for shopping, banking, health and fitness, news, dating, weather, sports, transportation, delivery services and nearly everything else imaginable.

And yet many people do not take even basic steps to guard the information on these devices, even though they are vulnerable to the same threats as computers, including hijacking, theft, viruses, worms and Trojans.

One in three smartphone owners in Ohio do not protect their devices with passwords, according to a survey by the AARP, which is kind of like keeping money or valuables in a bank with no locks.

Nearly half of Ohioans admit that they do not use distinctly different passwords for every online account, the survey found, which means if hackers break into one account, they can likely get into others.

“We don’t view them the same as a computer, therefore we don’t protect them the same as a computer,” said Vance Saunders, a computer science faculty member and director of the cyber security program at Wright State University. “We are much more cavalier and less mindful of how we use those devices, which make them much easier targets than other devices we use.”

Bad guys tend to look for low-hanging fruit, and people can take a variety of steps to make themselves harder targets.

Mobile phone software and operating systems should be updated regularly, because computer code constantly needs to be fixed, or “patched,” to address vulnerabilities, bugs and other issues, said Scot Ganow, an attorney with Dayton-based law firm Faruki Ireland Cox Rhinehart & Dusing whose practice focuses on information privacy and security law.

Smartphone owners can turn on automatic updates in the settings of their devices so they need not remember to do it themselves. Consumers should delete apps they do not use because they provide potential access points and vulnerabilities for cyber intrusion, Ganow said.

Consumers also should use complex passwords to protect their accounts — the more characters the better — that contain a mix of numbers, symbols and uppercase and lowercase letters.

“Use different passwords on every single account,” Ganow said.

“Password” is a terrible password. A better one looks like gibberish: 78$ikk!jKlj.

People should never shop or bank on public Wi-Fi networks, because they lack security encryption, Ganow said.

Some hackers “spoof” Wi-Fi. They set up a bogus network that looks legitimate that allows them to secretly monitor and collect the information people broadcast on their mobile devices.

Fraudsters will trick people into joining their fake networks by labeling them things like “hotel network” near lodgings or “coffee shop network” near coffee shops.

Mobile phones constantly try to make Wi-Fi connections as people travel to and from home, the office, the store, coffee shops and other destinations. Security experts recommend people change their Wi-Fi settings so they only connect to trusted networks.

Consumers should only shop at websites that have “https” addresses and a padlock icon to the left or right of the URL, said McAfee Labs, the threat research division of Intel Security. Https addresses have encryption security to protect payment information.

Consumers should only install apps from tried-and-trusted app stores, such as Apple, Google Play and those belonging to mobile phone manufacturers, said Vincent Weafer, vice president of McAfee Labs.

Downloading apps from third-party sources and alternative marketplaces is risky. Android users have multiple app store choices and should research each before choosing what to use, Weafer said.

Similarly, people should research and read reviews and permission rights of apps before download to ensure they are wanted and trustworthy.

“Look at the app reputation scores,” Weafer said. “Be suspicious.”

Phony websites, which are often linked to phishing scams, try to trick people into revealing their login credentials and personal and financial information.

Smartphones’ small screens make it harder to determine if web pages and emails are legitimate, so consumers should be extra cautious when viewing messages and browsing online, said Helen Patton, chief security officer at The Ohio State University and head of Enterprise Security.

People can hover over a questionable link to see if it actually leads to a recognized and legitimate website. Consumers who receive notices about their accounts should go directly to the organization’s website to log in instead of clicking on a link.

Consumers should monitor their financial accounts and check their credit scores at least once a year to ensure there are no unauthorized transactions.

People whose identities are stolen should first contact the financial institution or organization where their information was misused to suspend or cancel the account, said Dayton police Sgt. Steve Clark.

After that, victims should change the passwords on all their accounts.

People who have been victims of identity fraud should check their credit scores every few months, Clark said.

“Unfortunately, most people do not know they are a victim until they’ve incurred a loss,” he said.

Experts say people should not store their Social Security numbers on their phones. Credit and debit cards can be cancelled and replaced. Social Security numbers are yours forever.