Your smartphone is your confidante, your hand-held connection to the world and one of your biggest vulnerabilities.

Scammers can take advantage of day-to-day tasks that seem innocuous, like checking a bank balance or charging a phone at a public USB port, to exploit personal information for their profit.

To keep that data safe, start by understanding the threats you face. Your phone has three main areas of vulnerability: its hardware, its software and your phone number. Each carries a risk, and there are steps you can take to mitigate them.

Hardware vulnerability

A four-digit passcode alone isn’t enough to secure your phone’s hardware from intruders.

One weakness comes from the charging port. Think twice before plugging into a public USB jack for a quick charge at a cafe or airport.

“Any time you’re using a mobile port, you can be vulnerable to viruses or malware if you’re sharing it with other people who are plugging in their devices,” says Lisa Schifferle, ID theft program manager at the Federal Trade Commission.

Using a public charging port at an airport is like “finding a toothbrush on the side of the road and deciding to stick it in your mouth” Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security, recently told Forbes.

Hackers can modify these ports to install malevolent software, aka malware, on your phone. Once installed, it can transfer your phone’s data to hackers. The hacked USB ports can also directly suck up your phone’s information. To avoid the risk, use your USB cord with your own charging block that can plug into a standard electrical outlet, or use an external battery pack.

For daily security, go beyond the four-digit passcode if possible, says Gary Davis, chief consumer security evangelist at the cybersecurity company McAfee. “Passcodes aren’t as effective as biometrics, like fingerprint readers or facial recognition software, because people can do shoulder surfing to see your passcode and get into your phone” if they steal it.

Software and network risks

Scammers can target your personal information using unsecured wireless networks and software vulnerabilities.

Network risks: be wary of public Wi-Fi networks.

“We advise against using public Wi-Fi, but if you’re going to use it, avoid logging in to sensitive accounts,” says Allen Spence, director of product leadership at IDShield, an identity theft protection company.

To protect yourself from inadvertently using insecure Wi-Fi networks, adjust your phone settings to avoid auto-connecting to Wi-Fi.

Hackers can exploit vulnerabilities in phone software. Schifferle of the FTC suggests consumers routinely check for and download software updates for their phones, because updates often include security patches.

Phone number vulnerabilities

There are two common ways that scammers target your phone number: robocall scams and phone number theft.

US consumers fielded nearly 48 billion robocalls in 2018, according to an estimate from robocall blocking service YouMail. That was a 57 per cent increase from 2017.

A common scam comes from supposed representatives of the Social Security Administration requesting you give your personal information or your benefits will be cut. If you get a call from a number you don’t recognise, don’t answer. That’s the best way to ensure you don’t get caught up in a phone scam. And know that government agencies like Social Security and the IRS won’t call you out of the blue seeking your personal information.

“You should never give personal info or money unless you have initiated the call,” Schifferle says. If you answer a call and realise it may be a scammer, hang up, she advises.

Scammers are stealing phone numbers, which can leave you vulnerable to other forms of identity theft.

The scam is clever: a malevolent actor calls your cellphone carrier pretending to be you, and after confirming some key information such as your mother’s maiden name, transfers your phone number to their device. You may not find out this has happened until you go to make a call and find that your SIM card has been deactivated.

Because phone numbers are often used as security keys, hackers may be able to get into many other accounts once they have access to your phone account. Make it harder to penetrate by avoiding common security questions, Davis says. “When you set up your security questions and answers, make sure you’re using really challenging questions that are going to be hard to figure out.”

Published in Dawn, The Business and Finance Weekly, August 19th, 2019