Caretower provides the latest products of Sophos
Samantha Elrabadi was alone at her parents’ home in Rocky River when her cell phone rang. Impossibly, the caller ID showed the call was coming from the landline downstairs.
The 24-year-old Elrabadi answered and heard a man’s voice say, “I am in your house.”
Then the line went dead.
“I was so terrified,” Elrabadi said.
Only later — after police searched her house and found no one – did she learn from officers about phone apps that allow callers and texters to hide their identity from caller ID programs by substituting another number.
“I see no legitimate reason for this to exist,” Elrabadi said. She suspects the call made to her was a prank, but she points out that same technology could be used by a predator to lure a victim by using a trusted number. “It’s like loading a gun,” she said.
Indeed, consumers’ cell phones are increasingly being used against them – and not just by harmless pranksters.
This month, the creepy Girls Around Me app was yanked from the Apple store after it was decried as a stalker’s dream. The app, marketed to men, used geo-location information from social media sites like Foursquare to map the whereabouts of women who didn’t realize info they intended for friends could be used by complete strangers to track them down.
Scammers who once stuck to email inboxes are making the leap to mobile phones – meaning if you haven’t received a text message yet offering you a payday loan or phony Walmart gift card, your day is coming.
And thanks to bank info, account passwords and medical records we like to stow on our phones, losing an Android or Blackberry can induce the same panic as losing a wallet. Or at least it should.
The best way to protect you and your phone is to know where the dangers lie.
LOST AND STOLEN PHONES
Security experts say the biggest threat you face as a smartphone user today is loss or theft – because people are constantly leaving phones where thieves can snag them.
Symtantec, a data security company, recently planted 50 phones around the country to see what the people who found them would do. The company reported that 43 percent of the finders tried to access the banking app.
The high resale value of smartphones drives thefts. This month, in an effort to strangle the market for stolen phones, the Federal Communications Commission announced that the nation’s wireless providers would create a shared database of stolen phones to prevent black market phones from being reactivated by another carrier.
Problem solved? Not quite.
“We’re suspecting that the market will shift from the device itself to the information on it,” warns Chester Wisniewski, a senior security adviser for the IT security firm Sophos.
To protect yourself:
• Lock your phone keypad to protect your phone and the data in it if it’s lost or stolen. Find video instructions for installing a phone password at bit.ly/celllock
• Consider downloading an app that can find missing phones and, if necessary, remotely wipe them. Most providers offer them free. The CTIA, a trade group for the wireless industry, lists apps at bit.ly/cellfind
Lois Powers, who has to leave her mobile phone on around the clock for work, knows that receiving spam texts is a drag, and not just because you have pay for it.
“In the middle of the night, I’m getting these text messages,” Powers said. She gets mainly offers for phony gift cards – texts that have no affiliation with the retailers whose names they borrow.
Robert Siciliano, an ID theft consultant with security provider McAfee, said most spam texts are phishing scams, but some may contain malware.
Responding to unwanted commercial text messages – even to ask texters to stop contacting you — may only result in more texts.
When the FTC shut down a loan modification spam operation last year, the agency found that the spammer sold the numbers of people who responded – even those who asked to be removed – to other companies as “debt collection leads.”
Amy Storey of the CTIA said the industry is working to stop spam at the source, but to do that it needs consumers to report unwanted texts.
To protect yourself:
• Do not respond to spam. If you’re tempted by an offer of free stuff, at least check the offer with the retailer through its web site rather than clicking on a link.
• Report spam texts to your wireless provider by forwarding the text 7726 (it spells “SPAM” on a phone keypad). You’ll get back a text back asking for the number the spam came from, which you’ll need to respond to in order to complete the complaint.
• Additionally, report spam texts to the Federal Communications Commission at fcc.gov/complaints.
•Put your cell phone on the Do Not Call Registry to protect yourself against texting’s ugly cousin, the robocall. It won’t end illegal robocalls, but it may make reporting them easier. Add a number to the registry and report violations at donotcall.gov or dial 888-382-1222 from the wireless phone you want to register.
• Don’t blindly trust Caller ID. Senders can spoof numbers on phones so calls and texts appear to be from someone else, even someone you know. Make sure your kids know this, too.
Malware can do the same bad things to your phone that it can do to your computer — capture information about you, use your phone to deliver bad stuff to others or make your phone inoperable.
You can infect your phone by downloading infected apps or clicking on infected emailed links.
In the same way you can’t always trust that the person calling you is the one identified on your Caller ID, you can’t trust that a mobile alert is really from your bank.
“Anytime you’re doing something financially related,” Wisniewski said, “your Spidey-sense should be tingling.”
To protect yourself:
• Consider getting a reputable antivirus program for your phone, particularly if you have a vulnerable phone, like an Android, Siciliano says.
• If you supect your phone is infected, back up the data and contact the manufacturer to reset it at the factory settings.
• Opt for a new phone rather than a used one. Used phones, Siciliano has found, often come with viruses.
• Don’t click on emailed links. If you get a text or email from your bank, go to the bank’s website and log in to get the message rather than risking clicking an infected link.
Phones feel like private devices, so it’s easy to forget that when we use them to post photos or status updates we may be transmitting more information than we intend.
Most phones and social media sites, like Twitter and Facebook, let you turn off the location device, Wisniewski said, and some apps may give you that choice as well.
But if you update your phone, the settings may automatically reset.
“You’re not being paranoid if you’re looking at these things occasionally,” he said.
It’s creepy stuff for adults, but doubly creepy for parents whose kids carry phones.
Apps you load on your phone may collect, store and share information about you, including where you are, the places you frequent, your contact list, who you’ve called, and other data you keep on your phone.
Last year, consumers were mortified to learn that several apps, including Color, could remotely activate phones to eavesdrop on conversations in homes and offices.
It’s not always easy to find out what info apps are accessing.
When the FTC looked at mobile apps marketed to children, staffers could find very little information about data collection.
The agency plans a workshop on mobile privacy in May to figure out ways app providers can craft short, meaningful disclosures that are easily read on a cell phone’s small screen.
The goal, Poss said, is “making sure consumers understand, when they are using new technology, what things they’re sharing and what they signed up for.”
To protect yourself:
• Know what questions to ask about an app before you download it. See the FTC’s consumer guide to apps at ftc.gov/opa/2011/06/mobileapps.shtm And don’t let kids install apps on their own.
• Set the privacy settings on your phone, social media and other apps to a level you’re comfortable with.
• Recheck your settings occasionally, especially after you update, upgrade or make a change in service, any of which could cause the settings to revert.
• Don’t let children download apps until you check them out.
Plain Dealing runs Wednesdays and Sundays in The Plain Dealer. Email your consumer questions, along with your name and city, to email@example.com or call 216-999-6344.
On Twitter: @consumerwriter
On Facebook: PDConsumerAffairs