Mobile security: Reducing your risk of fraud and scams

Like many people, you might have your card and bank account information stored in apps or in the mobile wallet on your cellphone. While mobile banking technology makes online shopping and banking more easily accessible, it has also inspired a new breed of hackers who are on a mission to steal your information. 

So how do you protect yourself from mobile identity theft? If you know what to look for, these signs could help you identify and prevent data theft and credit card fraud.  

You receive a text that appears to be from your credit card issuer or bank. You’re told to click on a link to resolve an issue with your account. But there’s a problem—it’s not really your bank. Text phishing, also known as smishing, tries to trick you into providing personal information and/or installing malware, which steals your personal information. 

Messages from short codes like “+1410” could be warning signs: Text scams don’t always come from traditional 10-digit phone numbers. If you think a text is suspicious, don’t click on the link. Scammers can design fake sign-in pages. Always sign in to your financial institution’s page directly. 

If you suspect people are posing as Capital One, you can report it by emailing abuse@capitalone.com. You can also read more about Capital One’s commitment to protect your personal and financial information.

Hackers may use an even more direct approach to access your personal information—just asking for it. It’s called vishing. Here’s how it happens: A scammer calls to warn you of an issue with your account and asks for your credit card, debit card or Social Security number to fix the problem. Don’t risk it—call your credit card issuer or bank directly to see whether there’s really an issue. You can find those numbers on the back of your card, in your banking app or on your statement.

Another way hackers attempt to access the data on your phone is through potentially harmful apps. If you download one to your mobile device, your personal information could be exposed. These fake apps are sometimes installed by clicking on a link or pop-up ad, but they may also be available in your phone’s app store, like Google Play. 

If you’re not sure an app is safe, do a quick internet search about it and the developer before you download and install anything.

If you receive a direct message or a “follow” or friend request from someone you don’t know, be careful. Hackers often use social media platforms to socially engineer targets so that they can thereafter engage in direct communications that contain malicious links that can compromise mobile devices and computers. If you don’t recognize the person, or the link looks suspicious, don’t respond. Delete the message or request.

Strangers aren’t all you have to worry about. Hackers will check to see whom you are friends with, then impersonate them. So if your Aunt Molly reaches out to you asking for money or trying to get you to click on a link, check with her first to confirm whether it’s real or fraudulent.

Hackers often impersonate bosses or co-workers via social media ads, posts and messages to gain personal information. This type of scam is known as business email compromise (BEC) or email account compromise (EAC).

The FBI suggests being careful with what information you share online or on social media, and don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Click here to learn more about BEC scams and how to protect yourself from them.

When it’s time to get rid of your phone, make sure you erase all your personal information. If you don’t, you could leave yourself vulnerable to identity theft. Everything from your address to your bank info could be on your phone. To erase your phone, look on the manufacturer’s website or check with your service provider for instructions.