Fraud Alert: Phone Hacking!
A few days ago, I received a message on WhatsApp from Mandar, an old friend, informing me about the hacking of his mobile phone. He sent similar messages to his other contacts, requesting everyone not to respond to any message or send money. In a separate incident, a fraudster posed as DY Chandrachud, the chief justice of India, and sought Rs500 on Instagram. The imposter claimed he needed that money for taxi fare to reach the apex court for an urgent meeting. While the Supreme Court has registered a first information report (FIR) with the Delhi police, the message of the imposter seeking money went viral on social media.
 
Similarly, earlier this month, Supriya Sule, working president of Nationalist Congress Party-Sharadchandra Pawar (NCP-SP) and a member of Parliament (MP), also posted a message on X about her phone being hacked. She said, "My phone and WhatsApp have been hacked. Please do not call or text me. I have reached out to the police for help."
 
"Phone and WhatsApp are now working again. Thanks to Pune Rural Police and WhatsApp Support for their quick help. Sorry for any trouble caused while I was unreachable. Please be careful—never share OTPs or click on unknown links," she posted later on X.
 
What is common in the incidents with Mandar and Ms Sule is the use of 'phone hacking'. However, phone hacking has become a generic term for every inability to access a mobile device. Let me explain.
 
Hacking, per se, is not that easy. And for mobile phone hacking, one needs very sophisticated equipment (read: latest and costly) and specialised software that is not easily available and is expensive to buy. Freely available 'hacking' software or 'spyware' is mostly malware.
 
For example, Pegasus, the military-grade spyware from Israeli firm NSO, is used by governments around the world to snoop on a long list of more than 50,000 people in 50 countries. Pegasus is malware that infects iPhones and Android devices. It allows Pegasus users to pull messages, photos and emails, record calls, and activate microphones on the targeted devices. The only caveat is that NSO claims it sells Pegasus only to governments. In other words, only governments can afford to buy and use Pegasus.
 
In the case of Mandar, his mobile was not hacked, but a fraudster tricked him into dialling a number starting with * and # which forwarded calls from his mobile to another phone (owned by the fraudster). He did not receive any calls for more than an hour. 
 
However, he continued receiving SMS and WhatsApp messages as his device's mobile and data network was still working. The fraudster also tried to gain entry into his WhatsApp account using the forward facility. With help from a techie, Mandar managed to cancel the call divert and was thus saved from further damage. He also changed his WhatsApp security settings, including using second-factor authentication for login. (Read: Fraud Alert: Don't Dial These Codes from Your Android Mobile)
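
A way to check whether a dial string in a message is one of the standard GSM call-forwarding codes before dialling it, and to recognise the code that cancels a divert. This is an added example, not part of the original article; the service codes are the standard ones from 3GPP TS 22.030, operator-specific short codes are not covered, and the phone number and messages are constructed placeholders.

```python
import re

# Call-forwarding service codes defined in 3GPP TS 22.030 (Annex B).
FORWARDING_SERVICES = {
    "21": "all calls (unconditional)",
    "61": "calls not answered",
    "62": "calls when unreachable",
    "67": "calls when busy",
    "002": "all forwarding types",
    "004": "all conditional forwarding",
}
# The prefix in front of the service code tells the network what to do.
ACTIONS = {"**": "register", "*": "activate", "*#": "query",
           "#": "deactivate", "##": "erase"}
MMI = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})((?:\*[+\d]*)*)#$")

def classify_dial_string(text):
    """Describe a call-forwarding code, or return None for anything else."""
    compact = re.sub(r"[\s\-()]", "", text)
    m = MMI.match(compact)
    if not m or m.group(2) not in FORWARDING_SERVICES:
        return None
    action = ACTIONS[m.group(1)]
    params = [p for p in m.group(3).split("*") if p]
    return {
        "action": action,
        "service": FORWARDING_SERVICES[m.group(2)],
        "target": params[0] if params else None,
        # Only register/activate switch a divert on; the rest are harmless.
        "diverts_calls": action in ("register", "activate"),
    }

def scan_message(message):
    """Return the dial strings in a chat/SMS text that would divert calls."""
    hits = []
    for token in re.findall(r"[*#][*#+\d]{3,}", message):
        info = classify_dial_string(token)
        if info and info["diverts_calls"]:
            hits.append((token, info))
    return hits

# Constructed sample messages; the number is a placeholder, not a real one.
SAMPLES = [
    "Courier pending. Dial **21*+910000000000# to confirm your address.",
    "To cancel every call divert on your line, dial ##002#",
]
if __name__ == "__main__":
    for text in SAMPLES:
        print(text, "->", scan_message(text) or "no divert code")
```
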
 
The case of Ms Sule, the MP, is more like a phishing attempt where the attacker may have gained access to her mobile for some time. While more details are not available, her message "Please be careful—never share one-time passcodes (OTPs) or click on unknown links" makes it clear that she may have shared an OTP or clicked on some link received through a message (either SMS or WhatsApp). Hers may be a fit example of what phone hacking actually is, since the stakes are quite high given the stature of Ms Sule, an outspoken and seasoned MP and the daughter of veteran politician Sharad Pawar.
 
Mobile phones have become indispensable to modern life, holding a vast amount of personal and sensitive information. This convenience, however, comes with a significant risk: mobile phone hacking.
 
Mobile phone hacking refers to unauthorised access or manipulation of a smartphone's data, communications, or functionalities. Hackers can gain access to personal information such as contacts, photos, emails, banking details, and more. Once inside, they can manipulate data, install malicious software, or remotely control the device.
 
The consequences of mobile phone hacking can be severe, ranging from financial loss to identity theft and privacy violations. In some cases, hackers can use a compromised device to spy on conversations, track movements, or use the phone to carry out other cybercrimes.
 
Let us first understand what exactly phone hacking is and then we can learn how to protect our devices from hackers. 
 
Hackers employ various methods to gain unauthorised access to mobile devices. These include phishing, malware and spyware, subscriber identity module (SIM) swapping, Bluetooth hacking, juice jacking, Wi-Fi eavesdropping, and social engineering attacks.
 
Phishing is one of the most prevalent forms of mobile phone hacking. In a phishing attack, by pretending to be a legitimate entity, hackers trick users into providing sensitive information, such as login credentials or OTPs. Hackers also use a seemingly authentic email, text, or social media message containing a malicious link or attachment.
 
Once the user clicks on the link or opens the attachment, they may be directed to a fake website that looks like a legitimate login page, or malware may be installed on their device. The attacker can then capture personal information or gain control of the phone.
 
While malware is malicious software that can be installed on a smartphone without the user's knowledge, spyware is a specific type of malware designed to monitor a user's activities, such as keystrokes, emails, and browsing history, and send this information back to the hacker. 
 
SIM swapping is an increasingly common attack where fraudsters deceive mobile service providers into transferring a victim's phone number to a new SIM card. Once they have control over the victim's phone number, they can intercept calls, messages, and two-factor authentication (2FA) codes like an OTP. This allows them to access online accounts, like net banking or social media, by resetting passwords using the 2FA codes sent to the hijacked phone number.
 
Bluetooth hacking, also known as bluejacking or bluesnarfing, exploits vulnerabilities in Bluetooth connections to gain unauthorised access to a smartphone. Many users often keep the Bluetooth connection 'on' and discoverable. When a device's Bluetooth is left in 'discoverable' mode, nearby hackers can potentially connect to the device, access files, or install malware. 
 
Juice jacking is another method employed by hackers on publicly available charging stations. Juice jacking involves a charging port that doubles as a data connection, typically over USB. Through this, hackers either install malware or surreptitiously copy sensitive data from a smartphone, tablet or other computer devices.
 
Similarly, public Wi-Fi networks (read: free Wi-Fi) are notorious for being vulnerable to hacking. Cybercriminals can set up rogue Wi-Fi hotspots or use 'man-in-the-middle' attacks to intercept data transmitted over the network. When users connect to these compromised networks, hackers can capture sensitive information such as login credentials and personal messages or even inject malware into the user's device. 
 
Social engineering attacks involve manipulating people into divulging confidential information or performing specific actions. On mobile devices, social engineering attacks may involve tricking users into installing malicious apps, sharing personal information, or bypassing security protocols. These attacks can occur via phone calls, text messages or interactions on social media or chat platforms like WhatsApp or Telegram.
 
While the threat of mobile phone hacking is real, here are some suggestions about precautions that you need to take to reduce the risk of becoming a victim. 
 
1. Update software and apps regularly
One of the simplest and most effective ways to protect your mobile device is to ensure that the operating system (OS) and apps or software installed on your devices are always up to date. Developers regularly release updates or patches to fix security vulnerabilities that could be exploited by hackers. Enabling automatic updates ensures that your device has the latest security patches.
 
2. Use strong and unique passwords
Creating strong, unique passwords for your device and accounts is crucial for security. Avoid using easily guessable information such as birthdays, names, or simple sequences. Instead, use complex passwords with a mix of letters, numbers, and symbols. You can also use a password manager to store and generate strong passwords, but check its compatibility with the devices or services that you use.
 
3. Use multi-factor authentication (MFA)
MFA adds an extra layer of security to your online accounts by requiring another form of verification, like an OTP sent to your phone. I suggest using authenticator apps like Microsoft or Google Authenticator. These apps generate six-digit passcodes (authentication codes) on your mobile device (if you are using the app) or in web browsers to help you sign in to online accounts. Always try to see if you can enable and use MFA for all your accounts, especially those related to finance or sensitive data.
 
4. Be cautious with free Wi-Fi
Avoid using public or free Wi-Fi networks for sensitive activities like online banking or shopping. If you must connect to a public Wi-Fi network, consider using a virtual private network (VPN) to encrypt your internet traffic and protect your data from eavesdropping. 
 
5. Install apps from trusted sources only
Download and install apps from official stores like Google Play or the Apple App Store only. Be wary of third-party app stores, as they may host malicious apps. Before installing an app, check its reviews, developer reputation and permissions.
 
6. Use antivirus and security software
Installing reputable antivirus software on your mobile device can provide additional protection against malware and other threats. These programs can scan your device for malicious apps and files, block suspicious activities, and alert you to potential risks. There are some free antivirus and security apps that perform at par with some paid apps.  
 
7. Disable Bluetooth and Wi-Fi when not in use
To reduce the risk of Bluetooth or Wi-Fi-based attacks, turn off these features when you are not using them. Leaving them on (and open to attack) in public places can make your device more vulnerable to hackers.
 
8. Be wary of phishing attempts
Be cautious when receiving unsolicited messages, even if they appear to be from a trusted source. Avoid clicking on links or downloading attachments from unknown senders. If you receive a suspicious message that appears to be from a legitimate organisation, verify its authenticity by contacting the organisation directly.
 
9. Regularly monitor your accounts
Keep an eye on your financial and online accounts for any unauthorised transactions or unusual activity. Early detection of potential security breaches can minimise damage and allow you to take action quickly.
 
10. Regularly back up data 
In case your device is compromised, having a backup of your important data can be a lifesaver. Regularly back up your data to a secure location like cloud storage or an external drive. This ensures that you can recover or restore your information even if your device is hacked or damaged.
 
Kindly remember, mobile phone hacking is a growing threat in today's increasingly connected world. By understanding the common methods hackers use and taking proactive steps to protect your device, you can reduce your risk of falling victim to these attacks. 
 
Staying vigilant, practising good security hygiene, and keeping your software up to date are vital measures that can help safeguard your personal information and privacy in the digital age.
 
Stay Alert, Stay Safe!
 