As consumers snatched up more than 4 million of Apple's newest iPhone model last weekend, it's doubtful that many were thinking about how to prevent personal information from being swiped.
A recent survey by Confident Technologies in San Diego shows a woeful lack of concern by users of smartphones and tablets over keeping their private information secure on those devices.More than half said they do not even take the simple step of using a password or PIN to lock their smartphone or tablet, even though smartphones are being used for more and more important transactions. According to the survey:50 percent use banking, financial or stock trading apps on their mobile devices.35 percent have applications connected to online shopping or auction accounts.77 percent use social networking applications such as Facebook or LinkedIn.97 percent have e-mail applications running on their mobile device."Consumers don't seem to be so concerned, but privacy advocates like us are seeing big risks for exposure of personal information," said Nikki Junker, social media coordinator for the Identity Theft Resource Center, also based in San Diego.Poor security habits may be related to the device itself: A tiny keyboard with multiple screens can be difficult to navigate for the precise digits of a good password, which usually consists of letters, numbers and symbols.This lack of security comes as identity thieves have turned their attention to smartphones."People's lax security habits have made the mobile platform the new frontier for hackers, malware and fraud," Curtis Staker, CEO of Confident Technologies, said in a statement. "The onerous process of typing complicated passwords on a smartphone for every app or online account means that people instead choose to sacrifice security for convenience, leaving themselves and in many cases their businesses at risk of data theft and fraud."One scam on the rise is "smishing": Thieves try to get you to divulge your personal information by sending you a text or automated call saying something like your credit card has been deactivated and you need to act immediately through a link they provide. A recent scam detected by the Washington state attorney general's office involved thieves representing themselves as Well Fargo, Bank of America, Chase, Citibank and Capital One to obtain personal information."I've gotten a few smishing texts myself," Junker said. "One was supposedly from the IRS. Another said I was confirmed for a party tonight. You go to the link, and they could have brought malware into my phone."Malware is software that contains things like viruses, keyloggers, spyware and bots that can take over your smartphone, slow it down, and even lift information to steal your identity.One privacy app is helping consumers fight back.PrivacyStar announced this week that its subscribers have filed more than 200,000 complaints with the Federal Trade Commission through its app service for Android and Blackberry smartphones."If someone gets a call they view as a violation of the Do Not Call list, they can touch a screen, categorize a complaint and file it," said Brad Blaken, spokesman for the Conway, Ark.-based company. "The FCC actually asked us to expand our categories in order to help them."The company encourages cellphone users to register with the FCC on its Do Not Call list, an action previously used mostly for land lines."There's less of a distinction between land line and mobile," Blaken said. In addition to eliminating a land line, many consumers are using their cellphone numbers when registering for an online service or buying a product -- furthering their reach into ID thief hands.To sign up for the free Do Not Call registry or file a complaint with the FTC, call 888-382-1222 from the number you wish to register or go to www.ftc.gov/donotcall.Complaints to the FCC are put into a database available to more than 1,800 domestic and foreign law enforcement agencies that then act on violations with high volume.About 35 percent of all complaints are related to debt collection practices, and about 25 percent relate to telemarketers, Blaken said.PrivacyStar's app offers 13 features, including call and text blocking, call and text ID, and SmartBlock, which automatically blocks the top 10 most-blocked numbers as determined by crowdsourced data. The app costs $2.99 a month, or is cheaper with a longer contract."Technology is progressing faster than our sociological norms," Junker said. "With smartphones, we weren't raised in an age where we handed down information on how to protect ourselves."Teresa McUsic's column appears Fridays.Protecting your smartphone
Use a password on your phone. Make sure it includes upper- and lower-case letters, numbers and symbols and is not associated with other personal information.
Install security software. Many companies offer anti-virus, anti-malware and security software designed for smartphones. Be sure to download updates.
Enroll in a backup/wiping program. These programs, generally provided for a small fee through your phone's manufacturer or wireless provider, will back up information on your smartphone to your home computer and erase all data from your phone if it is lost or stolen. They may also have a GPS tracking device to help find your phone.
Be alert to websites. Double-check URLs for accuracy, don't open suspicious links, and make sure the website begins with the secure "https" before giving any billing or personal information.
Do not "jail-break" your phone. A "jail-broken" phone is a smartphone whose operating system has been opened to applications that otherwise would not be compatible. This makes the phone more vulnerable.
Read the small print. When installing an application, consider the personal information required and whether it is necessary. If you cannot see a reason for the app to have access to this information, reconsider.
Limit activities using Wi-Fi. Try not to buy things or access e-mail in a public Wi-Fi hot spot, which hackers target since they provide direct access to mobile devices. Using your network's 3G connection is much more secure.
Take these steps if your smartphone is lost or stolen. Call your service provider to report your phone missing and have it cancel your service. If you have enrolled in a backup/wiping program, have the administrator wipe your phone. If you have not, treat the loss of your smartphone as you would the loss of a wallet or purse.
Source: Identity Theft Resource Center
Have more to add? News tip? Tell us
