Malicious actors are people who attempt to access a person’s mobile device or personal information for their own gain. Oftentimes, malicious actors set up ‘honeypots’ or traps that get a user to perform an action that will give the actor greater access to that user’s devices and accounts. Many people think that their phones will be able to stop all attacks, or that these tactics would never be used on them. Unfortunately, they are far more common than expected and can compromise serious information about a person’s accounts, information, and life.
The best way to prevent yourself from becoming a victim of these attacks is to be fully informed about the methods used by malicious actors. Here are a few examples of tactics used by malicious actors, along with ways to protect yourself from these specific attacks.
USB Charging Ports “Juice Jacking”
One of the newer tactics used by malicious actors is a process known as ‘Juice Jacking’. This occurs when a person replaces a physical USB charging port with their own hardware that will grant them access to a user’s phone. Unsuspecting people in public locations such as airports may plug their phones into one of the handy USB charging ports and unknowingly grant a malicious actor complete access to their device. While this newer form of attack is not common, it does still occur and will often go unnoticed by a user for months or even years.
To keep yourself safe from this tactic:
- Never use a charging cord that does not belong to you.
- Do not use public USB charging ports or stations.
- If you have to charge your devices in a public location, always use your own charging cord and an electrical outlet.
Phishing
Phishing is a practice in which malicious actors send fraudulent emails or texts intended to deceive a user into revealing information or clicking on a corrupted link that installs malware on the user’s device. Phishing is a massive problem online. In 2022 there were over 300,000 reported victims of phishing attacks in the United States alone. This practice is so effective because of the ever-changing manipulation tactics that make these attacks seem more and more authentic.
Email is the most common method for a phishing attack and can be done in a way that looks incredibly real. For example, you may receive an email from your bank telling you that your account was compromised and that you need to click a link to recover your account. Sometimes the attacker will even have your name, your company name, or other information about you that is meant to appear authentic.
Here are some questions to ask when receiving an email to determine if it is a phishing scam:
- Are there typos in the email address or in the text of the email?
- Is this email claiming to offer a prize, reward, or discount?
- Is this communication unexpected or unsolicited, even if it seems like a person or entity you are familiar with?
- Does it ask for your username, password, credit card number, or any other sensitive information that you would not normally share?
- Is there a sense of urgency in the email claiming something like ‘you only have 24 hours to recover your account’?
In any case, you can always contact the individual or company directly to ask if the email is real. When it comes to phishing attacks, it is always better to err on the side of caution and ignore emails that seem suspicious.
Geotagging
Geotagging is the process of adding metadata to photos or social media posts that can pinpoint the geographic location of the user. Geotagging is not necessarily harmful on its own, but it can become dangerous when malicious actors have access to a person’s location. The process of geotagging can happen in two ways: either through the deliberate action of a user to tag a location on social media, or the unintentional tagging of photos done automatically on mobile devices.
A user can deliberately choose to geotag their location by adding it to a social media post. This is a function that allows them to tag a specific place, such as the restaurant they are eating at in a photo or the location they are visiting for a vacation. This is often harmless and usually poses no threat because most users tag a public location. However, it can pose a threat if users tag private locations. Following basic Internet safety rules can easily avoid any danger posed by this form of geotagging.
The second form of geotagging is the automatic tags added to photos taken on a person’s phone. Photos taken on devices with location services enabled will include data in the photo’s metadata that can show the location of where it was taken. Malicious actors are able to access that data and therefore the information that shows your location.
While taking and posting a photo that has been geotagged is often harmless, certain information such as a user’s home or school address could pose a safety concern. Automatic geotagging can be disabled on most mobile devices.
You can protect yourself from the risks of geotagging by:
- Being aware of where you take photos and being sure to only post ones taken in public spaces.
- Limiting what locations you tag on social media posts.
- Making your social media accounts private to ensure malicious actors will not have access to what you post.
- Disabling geotagging on your device.
Any harmful practices online can be avoided by users who are aware of the risks of being online and the tricks used by malicious actors. This guide, along with practicing basic Internet safety etiquette, is a good way to remain safe.