Phishing, although the most commonly used technique for digital identity theft, is not the only one. In fact, mobile phone infections for this purpose can occur through other means. To give a recent example, SpartCat has come to the forefront as a Trojan that installs itself through apps downloaded from Google Play or the Apple Store (yes, the Apple Store too). It is capable of accessing our image gallery and reading, using OCR, sensitive data related to our digital identity, such as usernames and passwords, in screenshots . This link offers a Kaspersky article that discusses how these Trojans operate. Given what we've seen, it might be a good idea to add protective measures to our smartphones with antivirus software.
The issue of mobile apps is not trivial, given that, without us even realizing it, they can compromise our security . A classic example is when an app, such as a compass, asks us for permission to access our contacts when we install it. This lack of judgment and common sense should be enough to stop the installation, since, when it comes time to sign the legal terms, we won't really know what permissions we're granting to the new software.
Another way to get us broke is by using unsecured public Wi-Fi or fake Wi-Fi (they can intercept data as it's being transferred), so we should avoid accessing online banking when we're at the public library or the airport, if we're using their Wi-Fi networks.
Finally, something completely beyond our control is the hacking of public or private organization servers. We are still recovering from high-profile cases such as the attacks suffered by large energy, fashion, and even financial companies in 2024. We are often told that we should rest assured that hackers never access customers' financial data, since such data is usually stored on specially protected servers, but the uncertainty always looms inside.
Once the credentials are obtained, the phisher will most likely sell this information on the dark web to cover their own tracks, allowing others to exploit it to drain their account. Typically, this will be done by foreign cybercriminals, taking advantage of inconsistencies between legal frameworks in different regions.
Now, up until now we've been referring to the hacking of our banking credentials, but we must pause at this point to ask ourselves: what could be worse than having these credentials stolen? The answer is simple: the theft of the credentials that give access to all our credentials stored in the cloud, something like the theft of the master key. If the credentials that give access to our Google or Apple account are stolen, then hackers can access everything we store in them: passwords, emails, subscriptions, bank cards, access to social networks, applications, and even our cryptocurrency wallet if we have entrusted its custody to this service.
At this point, applying the following security measures, if they don't make us infallible, they do make us responsible users:
- Enable two-factor authentication (2FA) on Google and Apple.
- Use a strong and unique password.
- Set up login alerts to detect unauthorized access.
- Review the linked devices in the security settings.
- Avoid logging in on unknown devices or public Wi-Fi networks.
And if we suspect someone has accessed our account, change the password immediately and review recent activity.
In conclusion, the smartphone is undoubtedly a practically indispensable tool for many of us, but there's no doubt that it's becoming increasingly important when it comes to our personal security. It's up to us to prevent it from becoming a double-edged sword that could end up putting us in serious personal and financial trouble.
