Mobile Phishing: How to avoid getting hooked
Don't let scammers catch a big one
2. Use official apps for sensitive sites
Many official banking apps aren't all that flashy, and a number really only act as a wrapper around pre-existing web sites in any case, which might seem like a prime argument not to waste space on your mobile device.
The saving grace for these apps, as clunky as they might be, is that if you only ever use them to connect to your bank or other financial provider, they'll always steer you to the correct site.
It's all too easy to click on a link in an email - and on a mobile device, it can be much harder to discern the full endpoint of such a link - and be fooled into thinking you're at the official site. With the official app pointing the right way, you can't be wrong.
What if there is no official app? That's where a little careful data entry and a bookmark makes the most sense. Again, if you use a bookmark you've previously entered for your financial institution to check against any suspicious messages, you won't end up on a fake site.
3. Public Wi-Fi poses a phishing risk
Public Wi-Fi is everywhere these days, and it's very handy (and tempting, given the price of mobile data) to use it wherever possible.
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
We're not going to say don't use it, but be careful with what you do on a public hotspot, as you've no real way of checking its bona fides, or indeed who might be snooping on it.
As a general rule of thumb, it'd be unwise to do any mobile banking via a public hotspot, or if you absolutely must, use a VPN client at the very least to encrypt your information flow.
4. Be careful with URLs
Most mobile browsers only have limited space for URL display, because most mobile screens are remarkably small.
As such, it's an easy way for phishers to spoof popular sites, because if you only see the correct part of the URL - say, www.mylegitimatebank.com, you figure it's real, without realising what you're actually at is www.mylegitimatebank.com/pleasesendusyourbankaccountdetails.ru
There's a couple of approaches to take depending on your handset and browser. On larger screened phones and tablets, switching to landscape mode may reveal the full URL.
If you're sporting a smaller phone, tap on any suspicious URL, so you can quickly scroll through it in its entirety.
5. What are you really installing
Malware targeting Android handsets can include nasty phishing-style surprises, and they're the type that you may not even notice while you go about using your device in entirely legitimate ways.
It's generally preferable to stick to Google Play market apps - it can be wise to set your device to only install apps from the market through the settings app - but it also pays to check what permissions a given app is asking for before agreeing to install it.
Does a flashlight app really need to read the contents of your SMS messages?
6. Consider Anti-virus software for mobile
There are a number of mobile security apps available for the Android platform; the more closed nature of iOS, Windows Phone 8 and Blackberry OS 10 mean that to date there's no security packages there to protect you.
Again, no anti-malware program can protect you against your own actions, but if it stops an associated malware installation or warns you about a single dodgy link that keeps your bank balance or private information intact, it's a worthwhile investment.